Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-14381 (GCVE-0-2020-14381)
Vulnerability from cvelistv5 – Published: 2020-12-03 16:21 – Updated: 2026-02-25 16:48
VLAI
EPSS
Summary
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1874311 | x_refsource_MISC |
| https://git.kernel.org/pub/scm/linux/kernel/git/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-14381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T03:55:30.950412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:48:37.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel 5.6-rc6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-03T16:21:55.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel 5.6-rc6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14381",
"datePublished": "2020-12-03T16:21:55.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2026-02-25T16:48:37.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-14381",
"date": "2026-06-28",
"epss": "0.0083",
"percentile": "0.52954"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.6\", \"matchCriteriaId\": \"DFAE22DD-961A-444C-A52E-93164D021497\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.6:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A92F7A0E-C302-4FEA-9EF3-1A3D5CF3AD54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.6:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5DAF39E-0835-49B4-8221-7FCE81692A4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.6:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"73DFCE15-1BB8-4740-B9CD-57F2DF3EA15D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.6:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D3107F6-EB44-4C65-AA1B-1E96923F6409\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.6:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC0C894E-6323-44E5-89DD-8FB6A5C41CAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:5.6:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C76EAC9-C2E6-4B6F-B002-ADBE74DDD794\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in the Linux kernel\\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un fallo en la implementaci\\u00f3n de futex del kernel de Linux. Este fallo permite a un atacante local corromper la memoria del sistema o aumentar sus privilegios al crear un futex en un sistema de archivos que est\\u00e1 a punto de ser desmontado. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema\"}]",
"id": "CVE-2020-14381",
"lastModified": "2024-11-21T05:03:08.323",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-12-03T17:15:12.347",
"references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1874311\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1874311\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-14381\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-12-03T17:15:12.347\",\"lastModified\":\"2026-02-25T18:16:52.197\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en la implementaci\u00f3n de futex del kernel de Linux. Este fallo permite a un atacante local corromper la memoria del sistema o aumentar sus privilegios al crear un futex en un sistema de archivos que est\u00e1 a punto de ser desmontado. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.6\",\"matchCriteriaId\":\"DFAE22DD-961A-444C-A52E-93164D021497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A92F7A0E-C302-4FEA-9EF3-1A3D5CF3AD54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5DAF39E-0835-49B4-8221-7FCE81692A4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.6:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"73DFCE15-1BB8-4740-B9CD-57F2DF3EA15D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.6:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D3107F6-EB44-4C65-AA1B-1E96923F6409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.6:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC0C894E-6323-44E5-89DD-8FB6A5C41CAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.6:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C76EAC9-C2E6-4B6F-B002-ADBE74DDD794\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1874311\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1874311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1874311\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T12:46:34.170Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-14381\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-24T03:55:30.950412Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-25T16:47:29.382Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"kernel\", \"versions\": [{\"status\": \"affected\", \"version\": \"Linux kernel 5.6-rc6\"}]}], \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1874311\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the Linux kernel\\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2020-12-03T16:21:55.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Linux kernel 5.6-rc6\"}]}, \"product_name\": \"kernel\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1874311\", \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1874311\", \"refsource\": \"MISC\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254\", \"name\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A flaw was found in the Linux kernel\\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-416\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-14381\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert@redhat.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-14381\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-25T16:48:37.567Z\", \"dateReserved\": \"2020-06-17T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2020-12-03T16:21:55.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2020-AVI-784
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4-LTSS | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 9 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-ESPOS | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15 | ||
| SUSE | N/A | SUSE OpenStack Cloud 9 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14390",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14390"
},
{
"name": "CVE-2020-25285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25285"
},
{
"name": "CVE-2020-12351",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12351"
},
{
"name": "CVE-2020-25284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25284"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-0404",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0404"
},
{
"name": "CVE-2020-16120",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16120"
},
{
"name": "CVE-2020-26088",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26088"
},
{
"name": "CVE-2020-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2521"
},
{
"name": "CVE-2020-0430",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0430"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2020-0432",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0432"
},
{
"name": "CVE-2020-12352",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12352"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2020-25668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25668"
},
{
"name": "CVE-2020-8694",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8694"
},
{
"name": "CVE-2020-14351",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
},
{
"name": "CVE-2020-27675",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27675"
},
{
"name": "CVE-2020-25641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25641"
},
{
"name": "CVE-2020-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
},
{
"name": "CVE-2020-0431",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0431"
},
{
"name": "CVE-2020-27673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27673"
},
{
"name": "CVE-2020-14381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-784",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-12-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203532-1 du 1 d\u00e9cembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203532-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203544-1 du 1 d\u00e9cembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203544-1/"
}
]
}
CERTFR-2021-AVI-125
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Debuginfo 11-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-SP4-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 11-EXTRA |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Debuginfo 11-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 11-EXTRA",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14390",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14390"
},
{
"name": "CVE-2020-28974",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28974"
},
{
"name": "CVE-2020-25285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25285"
},
{
"name": "CVE-2020-28915",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28915"
},
{
"name": "CVE-2020-27777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
},
{
"name": "CVE-2020-29660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
},
{
"name": "CVE-2020-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4788"
},
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2020-25284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25284"
},
{
"name": "CVE-2020-27786",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27786"
},
{
"name": "CVE-2020-0404",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0404"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-27068",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27068"
},
{
"name": "CVE-2020-36158",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36158"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2020-15437",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15437"
},
{
"name": "CVE-2020-14353",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14353"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2020-25669",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25669"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2020-25668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25668"
},
{
"name": "CVE-2020-15436",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2020-0431",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0431"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
},
{
"name": "CVE-2020-14381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-125",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de SUSE suse-su-202114630-1 du 16 f\u00e9vrier 2021",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-202114630-1/"
}
]
}
CERTFR-2021-AVI-590
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Android. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions sans le correctif du 02 ao\u00fbt 2021",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0578"
},
{
"name": "CVE-2021-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0646"
},
{
"name": "CVE-2021-0642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0642"
},
{
"name": "CVE-2021-0593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0593"
},
{
"name": "CVE-2021-1904",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1904"
},
{
"name": "CVE-2021-1919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1919"
},
{
"name": "CVE-2021-0580",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0580"
},
{
"name": "CVE-2021-0579",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0579"
},
{
"name": "CVE-2021-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1916"
},
{
"name": "CVE-2021-0462",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0462"
},
{
"name": "CVE-2021-1930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1930"
},
{
"name": "CVE-2021-1978",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1978"
},
{
"name": "CVE-2021-1920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1920"
},
{
"name": "CVE-2021-0582",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0582"
},
{
"name": "CVE-2021-0573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0573"
},
{
"name": "CVE-2021-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1947"
},
{
"name": "CVE-2021-0574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0574"
},
{
"name": "CVE-2021-1929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1929"
},
{
"name": "CVE-2021-0519",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0519"
},
{
"name": "CVE-2021-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1972"
},
{
"name": "CVE-2021-1976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1976"
},
{
"name": "CVE-2021-30260",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30260"
},
{
"name": "CVE-2021-0640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0640"
},
{
"name": "CVE-2021-1914",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1914"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2021-0576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0576"
},
{
"name": "CVE-2021-0584",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0584"
},
{
"name": "CVE-2021-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0591"
},
{
"name": "CVE-2021-0639",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0639"
},
{
"name": "CVE-2021-30261",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30261"
},
{
"name": "CVE-2021-0645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0645"
},
{
"name": "CVE-2021-0641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0641"
},
{
"name": "CVE-2021-28375",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28375"
},
{
"name": "CVE-2020-14381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
},
{
"name": "CVE-2021-0581",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0581"
},
{
"name": "CVE-2021-1939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1939"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-590",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nElles permettent \u00e0 un attaquant de provoquer\u00a0un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 02 ao\u00fbt 2021",
"url": "https://source.android.com/security/bulletin/2021-08-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel du 02 ao\u00fbt 2021",
"url": "https://source.android.com/security/bulletin/pixel/2021-08-01"
}
]
}
CERTFR-2024-AVI-0203
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Cerberus PRO EN Engineering Tool versions antérieures à IP8 | ||
| Siemens | N/A | SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Sinteso FS20 EN Fire Panel FC20 versions antérieures à MP8 | ||
| Siemens | N/A | RUGGEDCOM APE1808 avec Fortinet NGFW versions antérieures à V7.4.1 | ||
| Siemens | N/A | Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016 | ||
| Siemens | N/A | Cerberus PRO EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016 | ||
| Siemens | N/A | SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions | ||
| Siemens | N/A | Sinteso FS20 EN Engineering Tool versions antérieures à MP8 | ||
| Siemens | N/A | SIMATIC RF160B (6GT2003-0FA00) versions antérieures à V2.2 | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à V3.2 | ||
| Siemens | N/A | Solid Edge versions antérieures à V223.0.11 | ||
| Siemens | N/A | Siveillance Control versions supérieures ou égales à V2.8 versions antérieures à V3.1.1 | ||
| Siemens | N/A | Cerberus PRO EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617 | ||
| Siemens | N/A | Cerberus PRO EN Fire Panel FC72x versions antérieures à IP8 | ||
| Siemens | N/A | SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015 | ||
| Siemens | N/A | SINEMA Remote Connect Client versions antérieures à V3.1 SP1 | ||
| Siemens | N/A | SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Cerberus PRO EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015 | ||
| Siemens | N/A | Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618 | ||
| Siemens | N/A | Cerberus PRO EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618 | ||
| Siemens | N/A | Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617 | ||
| Siemens | N/A | Sinteso Mobile versions antérieures à V3.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cerberus PRO EN Engineering Tool versions ant\u00e9rieures \u00e0 IP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN Fire Panel FC20 versions ant\u00e9rieures \u00e0 MP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 avec Fortinet NGFW versions ant\u00e9rieures \u00e0 V7.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN Engineering Tool versions ant\u00e9rieures \u00e0 MP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF160B (6GT2003-0FA00) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge versions ant\u00e9rieures \u00e0 V223.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Control versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.8 versions ant\u00e9rieures \u00e0 V3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN Fire Panel FC72x versions ant\u00e9rieures \u00e0 IP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Client versions ant\u00e9rieures \u00e0 V3.1 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso Mobile versions ant\u00e9rieures \u00e0 V3.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0646"
},
{
"name": "CVE-2017-18509",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18509"
},
{
"name": "CVE-2021-0599",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0599"
},
{
"name": "CVE-2021-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0443"
},
{
"name": "CVE-2022-20462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20462"
},
{
"name": "CVE-2021-0598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0598"
},
{
"name": "CVE-2021-0438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0438"
},
{
"name": "CVE-2021-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0651"
},
{
"name": "CVE-2021-0585",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0585"
},
{
"name": "CVE-2021-0331",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0331"
},
{
"name": "CVE-2021-0509",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0509"
},
{
"name": "CVE-2021-0601",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0601"
},
{
"name": "CVE-2021-0478",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0478"
},
{
"name": "CVE-2021-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0397"
},
{
"name": "CVE-2021-0600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0600"
},
{
"name": "CVE-2021-0928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0928"
},
{
"name": "CVE-2021-0484",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0484"
},
{
"name": "CVE-2023-36641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
},
{
"name": "CVE-2021-0642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0642"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2022-41329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41329"
},
{
"name": "CVE-2021-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0597"
},
{
"name": "CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2022-20421",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
},
{
"name": "CVE-2021-0593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0593"
},
{
"name": "CVE-2022-20498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20498"
},
{
"name": "CVE-2021-0473",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0473"
},
{
"name": "CVE-2022-41328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
},
{
"name": "CVE-2022-42474",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
},
{
"name": "CVE-2021-0870",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0870"
},
{
"name": "CVE-2020-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0417"
},
{
"name": "CVE-2020-29660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
},
{
"name": "CVE-2021-0604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0604"
},
{
"name": "CVE-2021-0522",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0522"
},
{
"name": "CVE-2021-39629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39629"
},
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2021-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
},
{
"name": "CVE-2022-20229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20229"
},
{
"name": "CVE-2023-33306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33306"
},
{
"name": "CVE-2022-39948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39948"
},
{
"name": "CVE-2022-20423",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20423"
},
{
"name": "CVE-2021-0396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0396"
},
{
"name": "CVE-2021-0650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0650"
},
{
"name": "CVE-2021-0329",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0329"
},
{
"name": "CVE-2023-41675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41675"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-27997",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
},
{
"name": "CVE-2023-29183",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29183"
},
{
"name": "CVE-2021-0471",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0471"
},
{
"name": "CVE-2023-29181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
},
{
"name": "CVE-2021-0963",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0963"
},
{
"name": "CVE-2021-0327",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0327"
},
{
"name": "CVE-2021-0653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0653"
},
{
"name": "CVE-2021-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0690"
},
{
"name": "CVE-2021-39634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39634"
},
{
"name": "CVE-2021-0596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0596"
},
{
"name": "CVE-2023-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47537"
},
{
"name": "CVE-2023-28002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
},
{
"name": "CVE-2023-22641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22641"
},
{
"name": "CVE-2021-0919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0919"
},
{
"name": "CVE-2021-0968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0968"
},
{
"name": "CVE-2022-20500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20500"
},
{
"name": "CVE-2021-29647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29647"
},
{
"name": "CVE-2021-0521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0521"
},
{
"name": "CVE-2020-11301",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11301"
},
{
"name": "CVE-2021-0953",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0953"
},
{
"name": "CVE-2021-0926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0926"
},
{
"name": "CVE-2021-0961",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0961"
},
{
"name": "CVE-2023-26207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2021-0652",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0652"
},
{
"name": "CVE-2021-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0339"
},
{
"name": "CVE-2021-39627",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39627"
},
{
"name": "CVE-2021-0437",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0437"
},
{
"name": "CVE-2023-29179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
},
{
"name": "CVE-2021-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0433"
},
{
"name": "CVE-2024-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22041"
},
{
"name": "CVE-2023-33305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
},
{
"name": "CVE-2022-20473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20473"
},
{
"name": "CVE-2022-43947",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43947"
},
{
"name": "CVE-2023-41841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41841"
},
{
"name": "CVE-2021-0333",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0333"
},
{
"name": "CVE-2022-20483",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20483"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2024-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22045"
},
{
"name": "CVE-2022-42476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42476"
},
{
"name": "CVE-2023-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49125"
},
{
"name": "CVE-2021-0399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0399"
},
{
"name": "CVE-2023-33301",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33301"
},
{
"name": "CVE-2021-0476",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0476"
},
{
"name": "CVE-2021-0507",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0507"
},
{
"name": "CVE-2021-0390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0390"
},
{
"name": "CVE-2021-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0444"
},
{
"name": "CVE-2021-0520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0520"
},
{
"name": "CVE-2021-0586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0586"
},
{
"name": "CVE-2021-39633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39633"
},
{
"name": "CVE-2021-0587",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0587"
},
{
"name": "CVE-2021-0952",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0952"
},
{
"name": "CVE-2022-20476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20476"
},
{
"name": "CVE-2020-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10768"
},
{
"name": "CVE-2022-20472",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20472"
},
{
"name": "CVE-2021-0326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0326"
},
{
"name": "CVE-2021-0929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0929"
},
{
"name": "CVE-2022-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20227"
},
{
"name": "CVE-2021-0336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0336"
},
{
"name": "CVE-2023-44250",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44250"
},
{
"name": "CVE-2021-0506",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0506"
},
{
"name": "CVE-2021-0515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0515"
},
{
"name": "CVE-2022-20355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20355"
},
{
"name": "CVE-2021-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0330"
},
{
"name": "CVE-2021-0688",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0688"
},
{
"name": "CVE-2021-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0393"
},
{
"name": "CVE-2024-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"
},
{
"name": "CVE-2021-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
},
{
"name": "CVE-2023-29178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
},
{
"name": "CVE-2022-20130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20130"
},
{
"name": "CVE-2021-0519",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0519"
},
{
"name": "CVE-2021-0516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0516"
},
{
"name": "CVE-2021-39621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39621"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2022-42469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42469"
},
{
"name": "CVE-2021-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1972"
},
{
"name": "CVE-2021-1976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1976"
},
{
"name": "CVE-2022-41327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
},
{
"name": "CVE-2021-0640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0640"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2023-36555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36555"
},
{
"name": "CVE-2022-20422",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
},
{
"name": "CVE-2022-20468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20468"
},
{
"name": "CVE-2023-22640",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22640"
},
{
"name": "CVE-2021-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0400"
},
{
"name": "CVE-2022-20469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20469"
},
{
"name": "CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"name": "CVE-2021-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0706"
},
{
"name": "CVE-2021-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0682"
},
{
"name": "CVE-2021-0480",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0480"
},
{
"name": "CVE-2021-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0429"
},
{
"name": "CVE-2023-22639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
},
{
"name": "CVE-2021-0683",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0683"
},
{
"name": "CVE-2022-20411",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20411"
},
{
"name": "CVE-2022-43953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
},
{
"name": "CVE-2023-33307",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33307"
},
{
"name": "CVE-2021-0328",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0328"
},
{
"name": "CVE-2021-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0684"
},
{
"name": "CVE-2022-20466",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20466"
},
{
"name": "CVE-2023-40718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40718"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2021-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0704"
},
{
"name": "CVE-2022-20127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20127"
},
{
"name": "CVE-2021-0436",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0436"
},
{
"name": "CVE-2021-0584",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0584"
},
{
"name": "CVE-2022-45861",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45861"
},
{
"name": "CVE-2021-0594",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0594"
},
{
"name": "CVE-2021-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0591"
},
{
"name": "CVE-2021-0514",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0514"
},
{
"name": "CVE-2021-0511",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0511"
},
{
"name": "CVE-2021-0931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0931"
},
{
"name": "CVE-2024-21483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21483"
},
{
"name": "CVE-2020-15436",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"name": "CVE-2023-45793",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45793"
},
{
"name": "CVE-2021-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0689"
},
{
"name": "CVE-2023-28001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28001"
},
{
"name": "CVE-2021-0970",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0970"
},
{
"name": "CVE-2021-0337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0337"
},
{
"name": "CVE-2022-32257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32257"
},
{
"name": "CVE-2023-36639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
},
{
"name": "CVE-2021-39623",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39623"
},
{
"name": "CVE-2022-41330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41330"
},
{
"name": "CVE-2021-0508",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0508"
},
{
"name": "CVE-2021-0325",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0325"
},
{
"name": "CVE-2021-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0708"
},
{
"name": "CVE-2022-41334",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41334"
},
{
"name": "CVE-2024-23113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"
},
{
"name": "CVE-2020-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0338"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2021-0302",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0302"
},
{
"name": "CVE-2021-0589",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0589"
},
{
"name": "CVE-2021-0305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0305"
},
{
"name": "CVE-2023-33308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33308"
},
{
"name": "CVE-2023-29175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
},
{
"name": "CVE-2021-0431",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0431"
},
{
"name": "CVE-2021-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0392"
},
{
"name": "CVE-2021-0474",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0474"
},
{
"name": "CVE-2021-0930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0930"
},
{
"name": "CVE-2021-39626",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39626"
},
{
"name": "CVE-2021-0967",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0967"
},
{
"name": "CVE-2023-25610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25610"
},
{
"name": "CVE-2023-37935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37935"
},
{
"name": "CVE-2021-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0695"
},
{
"name": "CVE-2024-22040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22040"
},
{
"name": "CVE-2021-0965",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0965"
},
{
"name": "CVE-2021-0513",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0513"
},
{
"name": "CVE-2021-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0434"
},
{
"name": "CVE-2021-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0687"
},
{
"name": "CVE-2021-0481",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0481"
},
{
"name": "CVE-2021-0964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0964"
},
{
"name": "CVE-2021-0641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0641"
},
{
"name": "CVE-2021-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0435"
},
{
"name": "CVE-2021-0334",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0334"
},
{
"name": "CVE-2021-0933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0933"
},
{
"name": "CVE-2021-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0394"
},
{
"name": "CVE-2023-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
},
{
"name": "CVE-2021-0588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0588"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2024-22039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22039"
},
{
"name": "CVE-2021-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0391"
},
{
"name": "CVE-2021-0510",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0510"
},
{
"name": "CVE-2021-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0692"
},
{
"name": "CVE-2024-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22044"
},
{
"name": "CVE-2020-14381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0203",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-792319 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-792319.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-918992 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-918992.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-353002 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-353002.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-653855 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-225840 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-145196 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-145196.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-382651 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-382651.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-832273 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-366067 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-366067.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-770721 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-576771 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-576771.html"
}
]
}
FKIE_CVE-2020-14381
Vulnerability from fkie_nvd - Published: 2020-12-03 17:15 - Updated: 2026-06-17 02:54
Severity
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1874311 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1874311 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254 | Mailing List, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.6 | |
| linux | linux_kernel | 5.6 | |
| linux | linux_kernel | 5.6 | |
| linux | linux_kernel | 5.6 | |
| linux | linux_kernel | 5.6 | |
| linux | linux_kernel | 5.6 |
{
"affected": [
{
"affectedData": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Linux kernel 5.6-rc6"
}
]
}
],
"source": "secalert@redhat.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAE22DD-961A-444C-A52E-93164D021497",
"versionEndExcluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:-:*:*:*:*:*:*",
"matchCriteriaId": "A92F7A0E-C302-4FEA-9EF3-1A3D5CF3AD54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F5DAF39E-0835-49B4-8221-7FCE81692A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "73DFCE15-1BB8-4740-B9CD-57F2DF3EA15D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "7D3107F6-EB44-4C65-AA1B-1E96923F6409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DC0C894E-6323-44E5-89DD-8FB6A5C41CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.6:rc5:*:*:*:*:*:*",
"matchCriteriaId": "4C76EAC9-C2E6-4B6F-B002-ADBE74DDD794",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en la implementaci\u00f3n de futex del kernel de Linux. Este fallo permite a un atacante local corromper la memoria del sistema o aumentar sus privilegios al crear un futex en un sistema de archivos que est\u00e1 a punto de ser desmontado. La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema"
}
],
"id": "CVE-2020-14381",
"lastModified": "2026-06-17T02:54:39.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2020-14381",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T03:55:30.950412Z",
"version": "2.0.3"
}
}
]
},
"published": "2020-12-03T17:15:12.347",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-69W4-9W32-V3QH
Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2026-02-25 18:31
VLAI
Details
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Severity
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2020-14381"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-03T17:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"id": "GHSA-69w4-9w32-v3qh",
"modified": "2026-02-25T18:31:18Z",
"published": "2022-05-24T22:28:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14381"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2020-14381
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-14381",
"description": "A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"id": "GSD-2020-14381",
"references": [
"https://www.suse.com/security/cve/CVE-2020-14381.html",
"https://access.redhat.com/errata/RHSA-2020:4609",
"https://access.redhat.com/errata/RHSA-2020:4431",
"https://linux.oracle.com/cve/CVE-2020-14381.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-14381"
],
"details": "A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"id": "GSD-2020-14381",
"modified": "2023-12-13T01:21:59.806891Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel 5.6-rc6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.6:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.6:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.6:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.6:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.6:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.6:rc5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14381"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8019ad13ef7f64be44d4f892af9c840179009254"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874311"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-12-08T16:00Z",
"publishedDate": "2020-12-03T17:15Z"
}
}
}
ICSA-24-074-07
Vulnerability from csaf_cisa - Published: 2024-03-14 06:00 - Updated: 2024-03-14 06:00Summary
Siemens SIMATIC
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code within the context of a privileged process.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices: Do not click web links or open attachments in unsolicited email messages.
Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
8.1 (High)
7.8 (High)
5.0 (Medium)
7.8 (High)
5.5 (Medium)
7.5 (High)
8.1 (High)
7.8 (High)
6.7 (Medium)
CWE-326
- Inadequate Encryption Strength
7.4 (High)
5.4 (Medium)
4.2 (Medium)
4.4 (Medium)
7.8 (High)
7.8 (High)
7.8 (High)
8.8 (High)
7.5 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.3 (High)
7.3 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.5 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
5.5 (Medium)
9.8 (Critical)
9.8 (Critical)
7.8 (High)
5.5 (Medium)
7.8 (High)
7.5 (High)
8.0 (High)
7.3 (High)
7.5 (High)
5.5 (Medium)
7.8 (High)
7.8 (High)
4.7 (Medium)
5.5 (Medium)
5.5 (Medium)
8.8 (High)
9.8 (Critical)
7.0 (High)
7.8 (High)
5.5 (Medium)
7.8 (High)
5.5 (Medium)
7.3 (High)
8.8 (High)
7.0 (High)
7.0 (High)
7.8 (High)
7.8 (High)
7.8 (High)
7.8 (High)
8.1 (High)
9.8 (Critical)
9.8 (Critical)
7.8 (High)
7.0 (High)
5.5 (Medium)
7.5 (High)
5.5 (Medium)
6.7 (Medium)
7.8 (High)
7.8 (High)
5.5 (Medium)
7.8 (High)
7.3 (High)
7.8 (High)
8.0 (High)
7.5 (High)
5.5 (Medium)
7.3 (High)
5.5 (Medium)
7.8 (High)
5.5 (Medium)
5.5 (Medium)
7.8 (High)
5.5 (Medium)
5.5 (Medium)
7.8 (High)
6.5 (Medium)
5.5 (Medium)
7.8 (High)
5.5 (Medium)
5.5 (Medium)
7.8 (High)
7.8 (High)
5.0 (Medium)
7.0 (High)
5.5 (Medium)
6.5 (Medium)
7.8 (High)
5.5 (Medium)
5.5 (Medium)
5.5 (Medium)
7.8 (High)
8.1 (High)
5.0 (Medium)
6.4 (Medium)
7.8 (High)
7.8 (High)
7.8 (High)
8.8 (High)
5.5 (Medium)
8.0 (High)
5.0 (Medium)
7.8 (High)
4.4 (Medium)
7.1 (High)
6.5 (Medium)
8.8 (High)
8.8 (High)
8.8 (High)
7.8 (High)
9.8 (Critical)
9.8 (Critical)
5.5 (Medium)
7.8 (High)
6.8 (Medium)
7.8 (High)
9.8 (Critical)
7.8 (High)
7.8 (High)
7.0 (High)
5.5 (Medium)
7.8 (High)
9.8 (Critical)
9.8 (Critical)
5.5 (Medium)
9.8 (Critical)
5.5 (Medium)
8.8 (High)
7.8 (High)
7.0 (High)
4.6 (Medium)
7.8 (High)
5.5 (Medium)
6.5 (Medium)
8.8 (High)
9.8 (Critical)
9.8 (Critical)
5.5 (Medium)
7.5 (High)
4.4 (Medium)
5.5 (Medium)
References
198 references
Acknowledgments
Siemens
{
"document": {
"acknowledgments": [
{
"organization": "Siemens",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code within the context of a privileged process.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-24-074-07 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-074-07.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-24-074-07 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SIMATIC",
"tracking": {
"current_release_date": "2024-03-14T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-074-07",
"initial_release_date": "2024-03-14T06:00:00.000000Z",
"revision_history": [
{
"date": "2024-03-14T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.2",
"product": {
"name": "Siemens SIMATIC RF160B (6GT2003-0FA00): \u003cV2.2",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMATIC RF160B (6GT2003-0FA00)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-14491",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "An attacker could cause a crash or potentially execute arbitrary code by sending specially crafted DNS responses to the DNSmasq process. In order to exploit this vulnerability, an attacker must be able to trigger DNS requests from the device, and must be in a privileged position to inject malicious DNS responses.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2017-18509",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18509"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-0338",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-9 Android ID: A-123700107",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0338"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-0417",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-8.1, Android-9 Android ID: A-154319182",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0417"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-10768",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being \u0027force disabled\u0027 when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10768"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-11301",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11301"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-14305",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds memory write flaw was found in how the Linux kernel\u0027s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-14381",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in the Linux kernel\u0027s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-15436",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-24587",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-25705",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "summary",
"text": "A flaw in ICMP packets in the Linux kernel was found to allow to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26555",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26558",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-29660",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-29661",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0302",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android-9 Android-10Android ID: A-155287782",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0302"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0305",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10 Android ID: A-154015447",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0305"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0325",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-174238784",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0325"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0326",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In p2p_copy_client_info of p2p.c, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi direct search, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-172937525",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0326"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0327",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-172935267",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0327"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0328",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-172670415",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0328"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0329",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In several native functions called by AdvertiseManager.java, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-171400004",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0329"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0330",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11 Android ID: A-170732441",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0330"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0331",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-170731783",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0331"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0333",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-168504491",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0333"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0334",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-163358811",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0334"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0336",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-158219161",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0336"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0337",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-157474195",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0337"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0339",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-8.1, Android-9 Android ID: A-145728687",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0339"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0341",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-171980069",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0390",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174749461",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0390"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0391",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate() of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-172841550",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0391"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0392",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-175124730",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0392"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0393",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution if an attacker can supply a malicious PAC file, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-168041375",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0393"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0394",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-172655291",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0394"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0396",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-160610106",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0396"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0397",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174052148",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0397"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0399",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-176919394References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0399"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0400",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11 Android ID: A-177561690",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0400"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0429",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-175074139",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0429"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0431",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174149901",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0431"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0433",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-171221090",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0433"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0434",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In onReceive of BluetoothPermissionRequest.java, a phishing attack is possible allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-167403112",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0434"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0435",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174150451",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0435"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0436",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out-of-bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-176496160",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0436"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0437",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-176168330",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0437"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0438",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10 Android ID: A-152064592",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0438"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0443",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-170474245",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0443"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0444",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-178825358",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0444"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0471",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out-of-bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-176444786",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0471"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0473",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "summary",
"text": "In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-179687208",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0473"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0474",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-177611958",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0474"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0476",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-169252501",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0476"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0478",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-169255797",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0478"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0480",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-174493336",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0480"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0481",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-172939189",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0481"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0484",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "summary",
"text": "In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-173720767",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0484"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0506",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-181962311",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0506"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0507",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-181860042",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0507"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0508",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In various functions of DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-176444154",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0508"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0509",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-176444161",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0509"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0510",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-176444622",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0510"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0511",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11 Android ID: A-178055795",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0511"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0512",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-173843328References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0513",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-156090809",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0513"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0514",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-9, Android-11, Android-8.1 Android ID: A-162604069",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0514"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0515",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-167389063",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0515"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0516",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out-of-bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-181660448",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0516"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0519",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-176533109",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0519"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0520",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-10 Android ID: A-176237595",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0520"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0521",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of cross-user permissions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-174661955",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0521"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0522",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out-of-bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-174182139",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0522"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0584",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In verifyBufferObject of Parcel.cpp, there is a possible out-of-bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-179289794",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0584"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0585",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In beginWrite and beginRead of MessageQueueBase.h, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-184963385",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0585"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0586",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-182584940",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0586"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0587",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out-of-bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-185259758",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0587"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0588",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "summary",
"text": "In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-177238342",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0588"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0589",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-180939982",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0589"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0591",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "summary",
"text": "In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-179386960",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0591"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0593",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "summary",
"text": "In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-179386068",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0593"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0594",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-176445224",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0594"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0596",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-181346550",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0596"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0597",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-176496502",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0597"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0598",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-180422108",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0598"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0599",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "summary",
"text": "In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-175614289",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0599"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0600",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-179042963",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0600"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0601",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out-of-bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-180643802",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0601"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0604",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-179910660",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0604"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0640",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In noteAtomLogged of StatsdStats.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-187957589",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0640"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0641",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-185235454",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0641"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0642",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-185126149",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0642"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0646",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In sqlite3_str_vappendf of sqlite3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process\u0027s SQL with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-153352319",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0646"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0650",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-190286685",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0650"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0651",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In loadLabel of PackageItemInfo.java, there is a possible way to cause a denial of service in a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-67013844",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0651"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0652",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing objects that are not thread-safe. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9, Android-10, Android-11 Android ID: A-185178568",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0652"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0653",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-177931370",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0653"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0682",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-159624555",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0682"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0683",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In runTraceIpcStop of ActivityManagerShellCommand.java, deletion of system files is possible due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-8.1, Android-9, Android-10 Android ID: A-185398942",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0683"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0684",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out-of-bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-179839665",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0684"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0687",
"cwe": {
"id": "CWE-834",
"name": "Excessive Iteration"
},
"notes": [
{
"category": "summary",
"text": "In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-188913943",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0687"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0688",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-161149543",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0688"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0689",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-8.1, Android-9 Android ID: A-190188264",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0689"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0690",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out-of-bounds write due to heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-182152757",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0690"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0692",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11, Android-9, Android-10 Android ID: A-179289753",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0692"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0695",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In get_sock_stat of xt_qtaguid.c, there is a possible out-of-bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-184018316References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0695"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0704",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"notes": [
{
"category": "summary",
"text": "In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-179338675",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0704"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0706",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android Versions: Android-10 Android-11Android ID: A-193444889",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0706"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0708",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "summary",
"text": "In runDumpHeap of ActivityManagerShellCommand.java, deletion of system files is possible due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-183262161",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0708"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0870",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In RW_SetActivatedTagType of rw_main.cc, memory corruption is possible due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-9, Android-10, Android-11, Android-8.1 Android ID: A-192472262",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0870"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0919",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-197336441",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0919"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0920",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-196926917References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0926",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user\u0027s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-191053931",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0926"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0928",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-9 Android ID: A-188675581",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0928"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0929",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-187527909 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0929"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0930",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-181660091",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0930"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0931",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-180747689",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0931"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0933",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-172251622",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0933"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0952",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user\u0027s contacts with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-195748381",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0952"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0953",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"notes": [
{
"category": "summary",
"text": "In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-184046278",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0953"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0961",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "summary",
"text": "In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-196046570References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0961"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0963",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "summary",
"text": "In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-199754277",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0963"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0964",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"notes": [
{
"category": "summary",
"text": "In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-193363621",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0964"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0965",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "summary",
"text": "In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user\u0027s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-194300867",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0965"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0967",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In vorbis_book_decodev_set of codebook.c, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-199065614",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0967"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0968",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In osi_malloc and osi_calloc of allocator.cc, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-197868577",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0968"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-0970",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "summary",
"text": "In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-196970023",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0970"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-1972",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1972"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-1976",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1976"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-29647",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29647"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-33909",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an out-of-bounds write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-38204",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39621",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-185126319",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39621"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39623",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In doRead of SimpleDecodingSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-194105348",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39623"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39626",
"cwe": {
"id": "CWE-610",
"name": "Externally Controlled Reference to a Resource in Another Sphere"
},
"notes": [
{
"category": "summary",
"text": "In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-194695497",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39626"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39627",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "summary",
"text": "In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-185126549",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39627"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39629",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-9 Android ID: A-197353344",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39629"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39633",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-150694665 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39633"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2021-39634",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-204450605References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39634"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20127",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-221862119",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20127"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20130",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-224314979",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20130"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20227",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In USB driver, there is a possible out-of-bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-216825460 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20227"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20229",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-224536184",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20229"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20355",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-219498290",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20355"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20411",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In avdt_msg_asmbl of avdt_msg.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-232023771",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20411"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20421",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-239630375 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20422",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-237540956 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20423",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In rndis_set_response of rndis.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-239842288 References: Upstream kernel",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20423"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20462",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-230356196",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20462"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20466",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"notes": [
{
"category": "summary",
"text": "In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user\u0027s password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-179725730",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20466"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20468",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In BNEP_ConnectResp of bnep_api.cc, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-228450451",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20468"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20469",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-230867224",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20469"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20472",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In toLanguageTag of LocaleListCache.cpp, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-239210579",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20472"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20473",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In toLanguageTag of LocaleListCache.cpp, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-239267173",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20473"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20476",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L Android ID: A-240936919",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20476"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20483",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "In several functions that parse avrc response in avrc_pars_ct.cc and related files, there are possible out-of-bounds reads due to integer overflows. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-242459126",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20483"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20498",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In fdt_path_offset_namelen of fdt_ro.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-246465319",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20498"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2022-20500",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10, Android-11, Android-12, Android-12L, Android-13 Android ID: A-246540168",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20500"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Siemens has released a new version (V2.2) for SIMATIC RF160B and recommends to update to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens\u0027 operational guidelines for industrial security and following recommendations in the product manuals.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "mitigation",
"details": "Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/industrialsecurity"
},
{
"category": "mitigation",
"details": "For more information see the associated Siemens security advisory SSA-770721 in HTML and CSAF.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
MSRC_CVE-2020-14381
Vulnerability from csaf_microsoft - Published: 2020-12-02 00:00 - Updated: 2020-12-09 00:00Summary
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2020/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2020/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2020-14381 A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality integrity as well as system availability. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2020/msrc_cve-2020-14381.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.",
"tracking": {
"current_release_date": "2020-12-09T00:00:00.000Z",
"generator": {
"date": "2025-10-19T18:13:45.021Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2020-14381",
"initial_release_date": "2020-12-02T00:00:00.000Z",
"revision_history": [
{
"date": "2020-12-09T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 kernel 5.4.91-1",
"product": {
"name": "\u003ccm1 kernel 5.4.91-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 kernel 5.4.91-1",
"product": {
"name": "cm1 kernel 5.4.91-1",
"product_id": "19137"
}
}
],
"category": "product_name",
"name": "kernel"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 kernel 5.4.91-1 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 kernel 5.4.91-1 as a component of CBL Mariner 1.0",
"product_id": "19137-16820"
},
"product_reference": "19137",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-14381",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19137-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-14381 A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality integrity as well as system availability. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2020/msrc_cve-2020-14381.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-09T00:00:00.000Z",
"details": "5.4.91-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "A flaw was found in the Linux kernel\u2019s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality integrity as well as system availability."
}
]
}
OPENSUSE-SU-2020:1655-1
Vulnerability from csaf_opensuse - Published: 2020-10-11 13:53 - Updated: 2020-10-11 13:53Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-25212: Fixed nfs getxattr kernel panic and memory overflow that could lead to crashes or privilege escalations (bsc#1176381).
- CVE-2020-14381: Fixed inode life-time issue in futex handling (bsc#1176011).
- CVE-2020-25643: Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (bnc#1177206).
- CVE-2020-25641: A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allowed a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability (bnc#1177121).
- CVE-2020-26088: A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a (bnc#1176990).
- CVE-2020-14390: When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1176235 bnc#1176278).
- CVE-2020-0432: In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176721).
- CVE-2020-0427: In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176725).
- CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176722).
- CVE-2020-0404: In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176423).
- CVE-2020-25284: The rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe (bnc#1176482).
- CVE-2020-14386: Memory corruption in af_apcket can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bnc#1176069).
The following non-security bugs were fixed:
- 9p: Fix memory leak in v9fs_mount (git-fixes).
- ACPI: EC: Reference count query handlers under lock (git-fixes).
- Add de2b41be8fcc x86, vmlinux.lds: Page-align end of ..page_aligned sections
- Add f29dfa53cc8a x86/bugs/multihit: Fix mitigation reporting when VMX is not in use
- airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).
- airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).
- airo: Fix read overflows sending packets (git-fixes).
- ALSA: asihpi: fix iounmap in error handler (git-fixes).
- ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes).
- ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).
- ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).
- ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes).
- ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes).
- ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes).
- altera-stapl: altera_get_note: prevent write beyond end of 'key' (git-fixes).
- amd-xgbe: Add a check for an skb in the timestamp path (git-fixes).
- amd-xgbe: Add additional dynamic debug messages (git-fixes).
- amd-xgbe: Add additional ethtool statistics (git-fixes).
- amd-xgbe: Add ethtool show/set channels support (git-fixes).
- amd-xgbe: Add ethtool show/set ring parameter support (git-fixes).
- amd-xgbe: Add ethtool support to retrieve SFP module info (git-fixes).
- amd-xgbe: Add hardware features debug output (git-fixes).
- amd-xgbe: Add NUMA affinity support for IRQ hints (git-fixes).
- amd-xgbe: Add NUMA affinity support for memory allocations (git-fixes).
- amd-xgbe: Add per queue Tx and Rx statistics (git-fixes).
- amd-xgbe: Advertise FEC support with the KR re-driver (git-fixes).
- amd-xgbe: Always attempt link training in KR mode (git-fixes).
- amd-xgbe: Be sure driver shuts down cleanly on module removal (git-fixes).
- amd-xgbe: Convert to generic power management (git-fixes).
- amd-xgbe: Fix debug output of max channel counts (git-fixes).
- amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes).
- amd-xgbe: Fixes for working with PHYs that support 2.5GbE (git-fixes).
- amd-xgbe: Fix SFP PHY supported/advertised settings (git-fixes).
- amd-xgbe: fix spelling mistake: 'avialable' -> 'available' (git-fixes).
- amd-xgbe: Handle return code from software reset function (git-fixes).
- amd-xgbe: Improve SFP 100Mbps auto-negotiation (git-fixes).
- amd-xgbe: Interrupt summary bits are h/w version dependent (git-fixes).
- amd-xgbe: Limit the I2C error messages that are output (git-fixes).
- amd-xgbe: Mark expected switch fall-throughs (git-fixes).
- amd-xgbe: Optimize DMA channel interrupt enablement (git-fixes).
- amd-xgbe: Prepare for ethtool set-channel support (git-fixes).
- amd-xgbe: Prevent looping forever if timestamp update fails (git-fixes).
- amd-xgbe: Read and save the port property registers during probe (git-fixes).
- amd-xgbe: Remove field that indicates SFP diagnostic support (git-fixes).
- amd-xgbe: remove unnecessary conversion to bool (git-fixes).
- amd-xgbe: Remove use of comm_owned field (git-fixes).
- amd-xgbe: Set the MDIO mode for 10000Base-T configuration (git-fixes).
- amd-xgbe: Simplify the burst length settings (git-fixes).
- amd-xgbe: Update the BelFuse quirk to support SGMII (git-fixes).
- amd-xgbe: Update TSO packet statistics accuracy (git-fixes).
- amd-xgbe: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- amd-xgbe: use dma_mapping_error to check map errors (git-fixes).
- amd-xgbe: Use __napi_schedule() in BH context (git-fixes).
- amd-xgbe: Use the proper register during PTP initialization (git-fixes).
- ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).
- arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084).
- arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084).
- asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178).
- ASoC: kirkwood: fix IRQ error handling (git-fixes).
- ASoC: tegra: Fix reference count leaks (git-fixes).
- ath10k: fix array out-of-bounds access (git-fixes).
- ath10k: fix memory leak for tpc_stats_final (git-fixes).
- ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).
- batman-adv: Add missing include for in_interrupt() (git-fixes).
- batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).
- batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes).
- batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes).
- batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes).
- batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes).
- bcache: Convert pr_<level> uses to a more typical style (git fixes (block drivers)).
- bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)).
- bcm63xx_enet: correct clock usage (git-fixes).
- bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes).
- bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)).
- blktrace: fix debugfs use after free (git fixes (block drivers)).
- block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)).
- block: revert back to synchronous request_queue removal (git fixes (block drivers)).
- block: Use non _rcu version of list functions for tag_set_list (git-fixes).
- Bluetooth: Fix refcount use-after-free issue (git-fixes).
- Bluetooth: guard against controllers sending zero'd events (git-fixes).
- Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes).
- Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes).
- Bluetooth: prefetch channel before killing sock (git-fixes).
- bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29).
- bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes).
- btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789).
- btrfs: tree-checker: fix the error message for transid error (bsc#1176788).
- ceph: do not allow setlease on cephfs (bsc#1177041).
- ceph: fix potential mdsc use-after-free crash (bsc#1177042).
- ceph: fix use-after-free for fsc->mdsc (bsc#1177043).
- ceph: handle zero-length feature mask in session messages (bsc#1177044).
- cfg80211: regulatory: reject invalid hints (bsc#1176699).
- cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
- cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
- cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
- clk: Add (devm_)clk_get_optional() functions (git-fixes).
- clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes).
- clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes).
- clk/ti/adpll: allocate room for terminating null (git-fixes).
- clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes).
- cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966).
- dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes).
- dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling (git-fixes).
- dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes).
- dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes).
- dmaengine: zynqmp_dma: fix burst length configuration (git-fixes).
- dm crypt: avoid truncating the logical block size (git fixes (block drivers)).
- dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)).
- dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)).
- dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)).
- dm: report suspended device during destroy (git fixes (block drivers)).
- dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)).
- dm: use noio when sending kobject event (git fixes (block drivers)).
- dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)).
- dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)).
- dm zoned: assign max_io_len correctly (git fixes (block drivers)).
- drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes).
- Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877).
- Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).
- drivers: net: add missing interrupt.h include (git-fixes).
- drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (git-fixes).
- drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29).
- drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes).
- drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).
- drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes).
- drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).
- drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes).
- drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).
- drm/amdgpu: increase atombios cmd timeout (git-fixes).
- drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes).
- drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes).
- drm/amdkfd: fix a memory leak issue (git-fixes).
- drm/amdkfd: Fix reference count leaks (git-fixes).
- drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).
- drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).
- drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) * context changes
- drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes).
- drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes).
- drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes).
- drm/msm: add shutdown support for display platform_driver (git-fixes).
- drm/msm: Disable preemption on all 5xx targets (git-fixes).
- drm/msm: fix leaks if initialization fails (git-fixes).
- drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes
- drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes).
- drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes).
- drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes).
- drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes).
- drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes).
- drm/nouveau: fix runtime pm imbalance on error (git-fixes).
- drm/omap: fix possible object reference leak (git-fixes).
- drm/radeon: fix multiple reference count leak (git-fixes).
- drm/radeon: Prefer lower feedback dividers (git-fixes).
- drm/radeon: revert 'Prefer lower feedback dividers' (git-fixes).
- drm/sun4i: Fix dsi dcs long write function (git-fixes).
- drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes).
- drm/tve200: Stabilize enable/disable (git-fixes).
- drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes).
- e1000: Do not perform reset in reset_task if we are already down (git-fixes).
- EDAC: Fix reference count leaks (bsc#1112178).
- fbcon: prevent user font height or width change from causing (bsc#1112178)
- Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950).
- ftrace: Move RCU is watching check after recursion check (git-fixes).
- ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes).
- gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes).
- gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes).
- gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes).
- gtp: fix Illegal context switch in RCU read-side critical section (git-fixes).
- gtp: fix use-after-free in gtp_newlink() (git-fixes).
- HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes).
- hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).
- hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).
- hv_utils: return error if host timesysnc update is stale (bsc#1176877).
- hwmon: (applesmc) check status earlier (git-fixes).
- i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes).
- i2c: cpm: Fix i2c_ram structure (git-fixes).
- ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
- ieee802154/adf7242: check status of adf7242_read_reg (git-fixes).
- ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes).
- iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes).
- iio: accel: kxsd9: Fix alignment of local buffer (git-fixes).
- iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes).
- iio:adc:ina2xx Fix timestamp alignment issue (git-fixes).
- iio: adc: mcp3422: fix locking on error path (git-fixes).
- iio: adc: mcp3422: fix locking scope (git-fixes).
- iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes).
- iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes).
- iio: improve IIO_CONCENTRATION channel type description (git-fixes).
- iio:light:ltr501 Fix timestamp alignment issue (git-fixes).
- iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes).
- iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes).
- include: add additional sizes (bsc#1094244 ltc#168122).
- iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293).
- iommu/amd: Fix potential @entry null deref (bsc#1177294).
- iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316).
- iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291).
- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317).
- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295).
- iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318).
- iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296).
- iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319).
- iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320).
- kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.
- kernel-syms.spec.in: Also use bz compression (boo#1175882).
- KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084).
- KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084).
- KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084).
- KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084).
- KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084).
- KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084).
- KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084).
- KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084).
- KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084).
- KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084).
- KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084).
- KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084).
- KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084).
- KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084).
- KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084).
- KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084).
- KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084).
- KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084).
- KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084).
- KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084).
- KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084).
- KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084).
- KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084).
- KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084).
- KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084).
- KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084).
- KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084).
- KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084).
- KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084).
- KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084).
- KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084).
- KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084).
- KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084).
- KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084).
- KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084).
- KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084).
- KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084).
- KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084).
- KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084).
- KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084).
- KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178).
- KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321).
- KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178).
- KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084).
- libceph: allow setting abort_on_full for rbd (bsc#1169972).
- libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).
- libnvdimm: cover up struct nvdimm changes (bsc#1171742).
- libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742).
- libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).
- libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).
- lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)).
- livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly.
- mac802154: tx: fix use-after-free (git-fixes).
- md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)).
- media: davinci: vpif_capture: fix potential double free (git-fixes).
- media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes).
- media: smiapp: Fix error handling at NVM reading (git-fixes).
- media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes).
- mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).
- mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes).
- mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366).
- mmc: cqhci: Add cqhci_deactivate() (git-fixes).
- mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes).
- mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes).
- mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes).
- mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)).
- mm/vmalloc.c: move 'area->pages' after if statement (git fixes (mm/vmalloc)).
- mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes).
- mtd: lpddr: Fix a double free in probe() (git-fixes).
- mtd: phram: fix a double free issue in error path (git-fixes).
- mtd: properly check all write ioctls for permissions (git-fixes).
- net: 8390: Fix manufacturer name in Kconfig help text (git-fixes).
- net: amd: fix return type of ndo_start_xmit function (git-fixes).
- net/amd: Remove useless driver version (git-fixes).
- net: amd-xgbe: fix comparison to bitshift when dealing with a mask (git-fixes).
- net: amd-xgbe: Get rid of custom hex_dump_to_buffer() (git-fixes).
- net: apple: Fix manufacturer name in Kconfig help text (git-fixes).
- net: broadcom: Fix manufacturer name in Kconfig help text (git-fixes).
- net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes).
- net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes).
- net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes).
- net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes).
- net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes).
- net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes).
- net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes).
- net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes).
- net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes).
- net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes).
- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes).
- net: fs_enet: do not call phy_stop() in interrupts (git-fixes).
- net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15).
- net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes).
- net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08).
- net: lio_core: fix potential sign-extension overflow on large shift (git-fixes).
- net/mlx5: Add meaningful return codes to status_to_err function (git-fixes).
- net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes).
- net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes).
- net: mvmdio: defer probe of orion-mdio if a clock is not ready (git-fixes).
- net: mvneta: fix mtu change on port without link (git-fixes).
- net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes).
- net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).
- net: qca_spi: Avoid packet drop during initial sync (git-fixes).
- net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes).
- net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15).
- net/smc: fix dmb buffer shortage (git-fixes).
- net/smc: fix restoring of fallback changes (git-fixes).
- net/smc: fix sock refcounting in case of termination (git-fixes).
- net/smc: improve close of terminated socket (git-fixes).
- net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes).
- net/smc: remove freed buffer from list (git-fixes).
- net/smc: reset sndbuf_desc if freed (git-fixes).
- net/smc: set rx_off for SMCR explicitly (git-fixes).
- net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).
- net/smc: tolerate future SMCD versions (git-fixes).
- net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes).
- net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes).
- net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes).
- net: stmmac: dwmac4: fix flow control issue (git-fixes).
- net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes).
- net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes).
- net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes).
- net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes).
- net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes).
- net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes).
- net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes).
- net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()' (git-fixes).
- net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()' (git-fixes).
- net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes).
- net: stmmac: set MSS for each tx DMA channel (git-fixes).
- net: stmmac: Use correct values in TQS/RQS fields (git-fixes).
- net-sysfs: add a newline when printing 'tx_timeout' by sysfs (networking-stable-20_07_29).
- net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes).
- net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes).
- net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx (git-fixes).
- net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes).
- net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes).
- NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935).
- nvme-fc: set max_segments to lldd max value (bsc#1176038).
- nvme-pci: override the value of the controller's numa node (bsc#1176507).
- ocfs2: give applications more IO opportunities during fstrim (bsc#1175228).
- omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes).
- PCI/ASPM: Allow re-enabling Clock PM (git-fixes).
- PCI: Fix pci_create_slot() reference count leak (git-fixes).
- PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes).
- PCI: qcom: Add missing reset for ipq806x (git-fixes).
- PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes).
- PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes).
- PCI: rcar: Fix incorrect programming of OB windows (git-fixes).
- phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes).
- pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes).
- platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes).
- platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes).
- platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes).
- powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122).
- powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122).
- powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122).
- powerpc/64s: Include <asm/nmi.h> header file to fix a warning (bsc#1094244 ltc#168122).
- powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122).
- powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122).
- powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122).
- powerpc: Add cputime_to_nsecs() (bsc#1065729).
- powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436).
- powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208).
- powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).
- powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ).
- powerpc/kernel: Cleanup machine check function declarations (bsc#1065729).
- powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588).
- powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436).
- powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588).
- powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208).
- powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208).
- powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436).
- powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122).
- powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208).
- powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122).
- powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122).
- powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208).
- powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122).
- powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).
- powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122).
- powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122).
- powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).
- powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122).
- powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122).
- powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729).
- power: supply: max17040: Correct voltage reading (git-fixes).
- rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)).
- regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes).
- Revert 'ALSA: hda: Add support for Loongson 7A1000 controller' (git-fixes).
- Revert 'ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control' (git-fixes).
- Revert 'i2c: cadence: Fix the hold bit setting' (git-fixes).
- rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).
- rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732)
- rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618).
- rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, '--ca-check' is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it's used to determine whether the %post script is running in a kernel package, or a kernel module package.
- rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).
- rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The '-c' option wasn't passed down to %_kernel_module_package so the ueficert subpackage wasn't generated even if the certificate is specified in the spec file.
- rtc: ds1374: fix possible race condition (git-fixes).
- rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).
- rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08).
- rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29).
- s390/mm: fix huge pte soft dirty copying (git-fixes).
- s390/qeth: do not process empty bridge port events (git-fixes).
- s390/qeth: integrate RX refill worker with NAPI (git-fixes).
- s390/qeth: tolerate pre-filled RX buffer (git-fixes).
- scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).
- scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675).
- scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).
- scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304).
- scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258).
- scsi: libfc: Fix for double free() (bsc#1174899).
- scsi: libfc: free response frame from GPN_ID (bsc#1174899).
- scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899).
- scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).
- scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).
- scsi: qla2xxx: Fix regression on sparc64 (git-fixes).
- scsi: qla2xxx: Fix the return value (bsc#1171688).
- scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#1171688).
- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688).
- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688).
- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688).
- scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).
- scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).
- scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).
- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688).
- scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes).
- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688).
- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes).
- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes).
- serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes).
- serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes).
- serial: 8250_port: Do not service RX FIFO if throttled (git-fixes).
- Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084).
- smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).
- smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
- smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
- staging:r8188eu: avoid skb_clone for amsdu to msdu conversion (git-fixes).
- stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes).
- tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08).
- thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes).
- tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178).
- usb: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes).
- usb: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes).
- usb: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes).
- usb: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes).
- usb: Fix out of sync data toggle if a configured device is reconfigured (git-fixes).
- usb: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes).
- usb: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes).
- usb: gadget: u_f: add overflow checks to VLA macros (git-fixes).
- usb: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes).
- usb: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08).
- usblp: fix race between disconnect() and read() (git-fixes).
- usb: lvtest: return proper error code in probe (git-fixes).
- usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes).
- usb: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes).
- usb: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes).
- usb: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes).
- usb: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes).
- usb: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes).
- usb: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes).
- usb: serial: option: support dynamic Quectel USB compositions (git-fixes).
- usb: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes).
- usb: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes).
- usb: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes).
- usb: uas: Add quirk for PNY Pro Elite (git-fixes).
- usb: UAS: fix disconnect by unplugging a hub (git-fixes).
- usb: yurex: Fix bad gfp argument (git-fixes).
- vgacon: remove software scrollback support (bsc#1176278).
- video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes).
- virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)).
- vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).
- vrf: prevent adding upper devices (git-fixes).
- vxge: fix return of a free'd memblock on a failed dma mapping (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178).
- xen: do not reschedule in preemption off sections (bsc#1175749).
- xen/events: do not use chip_data for legacy IRQs (bsc#1065600).
- XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600).
- xgbe: no need to check return value of debugfs_create functions (git-fixes).
- xgbe: switch to more generic VxLAN detection (git-fixes).
- xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes).
- yam: fix possible memory leak in yam_init_driver (git-fixes).
Patchnames: openSUSE-2020-1655
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.2 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.7 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
120 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-25212: Fixed nfs getxattr kernel panic and memory overflow that could lead to crashes or privilege escalations (bsc#1176381).\n- CVE-2020-14381: Fixed inode life-time issue in futex handling (bsc#1176011).\n- CVE-2020-25643: Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (bnc#1177206).\n- CVE-2020-25641: A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allowed a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability (bnc#1177121).\n- CVE-2020-26088: A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a (bnc#1176990).\n- CVE-2020-14390: When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1176235 bnc#1176278).\n- CVE-2020-0432: In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176721).\n- CVE-2020-0427: In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176725).\n- CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176722).\n- CVE-2020-0404: In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176423).\n- CVE-2020-25284: The rbd block device driver in drivers/block/rbd.c used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe (bnc#1176482).\n- CVE-2020-14386: Memory corruption in af_apcket can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bnc#1176069).\n\nThe following non-security bugs were fixed:\n\n- 9p: Fix memory leak in v9fs_mount (git-fixes).\n- ACPI: EC: Reference count query handlers under lock (git-fixes).\n- Add de2b41be8fcc x86, vmlinux.lds: Page-align end of ..page_aligned sections\n- Add f29dfa53cc8a x86/bugs/multihit: Fix mitigation reporting when VMX is not in use\n- airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).\n- airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).\n- airo: Fix read overflows sending packets (git-fixes).\n- ALSA: asihpi: fix iounmap in error handler (git-fixes).\n- ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes).\n- ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).\n- ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).\n- ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled (git-fixes).\n- ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A (git-fixes).\n- ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen (git-fixes).\n- altera-stapl: altera_get_note: prevent write beyond end of \u0027key\u0027 (git-fixes).\n- amd-xgbe: Add a check for an skb in the timestamp path (git-fixes).\n- amd-xgbe: Add additional dynamic debug messages (git-fixes).\n- amd-xgbe: Add additional ethtool statistics (git-fixes).\n- amd-xgbe: Add ethtool show/set channels support (git-fixes).\n- amd-xgbe: Add ethtool show/set ring parameter support (git-fixes).\n- amd-xgbe: Add ethtool support to retrieve SFP module info (git-fixes).\n- amd-xgbe: Add hardware features debug output (git-fixes).\n- amd-xgbe: Add NUMA affinity support for IRQ hints (git-fixes).\n- amd-xgbe: Add NUMA affinity support for memory allocations (git-fixes).\n- amd-xgbe: Add per queue Tx and Rx statistics (git-fixes).\n- amd-xgbe: Advertise FEC support with the KR re-driver (git-fixes).\n- amd-xgbe: Always attempt link training in KR mode (git-fixes).\n- amd-xgbe: Be sure driver shuts down cleanly on module removal (git-fixes).\n- amd-xgbe: Convert to generic power management (git-fixes).\n- amd-xgbe: Fix debug output of max channel counts (git-fixes).\n- amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes).\n- amd-xgbe: Fixes for working with PHYs that support 2.5GbE (git-fixes).\n- amd-xgbe: Fix SFP PHY supported/advertised settings (git-fixes).\n- amd-xgbe: fix spelling mistake: \u0027avialable\u0027 -\u003e \u0027available\u0027 (git-fixes).\n- amd-xgbe: Handle return code from software reset function (git-fixes).\n- amd-xgbe: Improve SFP 100Mbps auto-negotiation (git-fixes).\n- amd-xgbe: Interrupt summary bits are h/w version dependent (git-fixes).\n- amd-xgbe: Limit the I2C error messages that are output (git-fixes).\n- amd-xgbe: Mark expected switch fall-throughs (git-fixes).\n- amd-xgbe: Optimize DMA channel interrupt enablement (git-fixes).\n- amd-xgbe: Prepare for ethtool set-channel support (git-fixes).\n- amd-xgbe: Prevent looping forever if timestamp update fails (git-fixes).\n- amd-xgbe: Read and save the port property registers during probe (git-fixes).\n- amd-xgbe: Remove field that indicates SFP diagnostic support (git-fixes).\n- amd-xgbe: remove unnecessary conversion to bool (git-fixes).\n- amd-xgbe: Remove use of comm_owned field (git-fixes).\n- amd-xgbe: Set the MDIO mode for 10000Base-T configuration (git-fixes).\n- amd-xgbe: Simplify the burst length settings (git-fixes).\n- amd-xgbe: Update the BelFuse quirk to support SGMII (git-fixes).\n- amd-xgbe: Update TSO packet statistics accuracy (git-fixes).\n- amd-xgbe: use devm_platform_ioremap_resource() to simplify code (git-fixes).\n- amd-xgbe: use dma_mapping_error to check map errors (git-fixes).\n- amd-xgbe: Use __napi_schedule() in BH context (git-fixes).\n- amd-xgbe: Use the proper register during PTP initialization (git-fixes).\n- ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).\n- arm64: KVM: Do not generate UNDEF when LORegion feature is present (jsc#SLE-4084).\n- arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084).\n- asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178).\n- ASoC: kirkwood: fix IRQ error handling (git-fixes).\n- ASoC: tegra: Fix reference count leaks (git-fixes).\n- ath10k: fix array out-of-bounds access (git-fixes).\n- ath10k: fix memory leak for tpc_stats_final (git-fixes).\n- ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).\n- batman-adv: Add missing include for in_interrupt() (git-fixes).\n- batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).\n- batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes).\n- batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes).\n- batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh (git-fixes).\n- batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes).\n- bcache: Convert pr_\u0026lt;level\u003e uses to a more typical style (git fixes (block drivers)).\n- bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)).\n- bcm63xx_enet: correct clock usage (git-fixes).\n- bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes).\n- bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes (bitfield)).\n- blktrace: fix debugfs use after free (git fixes (block drivers)).\n- block: add docs for gendisk / request_queue refcount helpers (git fixes (block drivers)).\n- block: revert back to synchronous request_queue removal (git fixes (block drivers)).\n- block: Use non _rcu version of list functions for tag_set_list (git-fixes).\n- Bluetooth: Fix refcount use-after-free issue (git-fixes).\n- Bluetooth: guard against controllers sending zero\u0027d events (git-fixes).\n- Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes).\n- Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes).\n- Bluetooth: prefetch channel before killing sock (git-fixes).\n- bnxt_en: Fix completion ring sizing with TPA enabled (networking-stable-20_07_29).\n- bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes).\n- btrfs: require only sector size alignment for parent eb bytenr (bsc#1176789).\n- btrfs: tree-checker: fix the error message for transid error (bsc#1176788).\n- ceph: do not allow setlease on cephfs (bsc#1177041).\n- ceph: fix potential mdsc use-after-free crash (bsc#1177042).\n- ceph: fix use-after-free for fsc-\u003emdsc (bsc#1177043).\n- ceph: handle zero-length feature mask in session messages (bsc#1177044).\n- cfg80211: regulatory: reject invalid hints (bsc#1176699).\n- cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).\n- cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).\n- cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).\n- clk: Add (devm_)clk_get_optional() functions (git-fixes).\n- clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes).\n- clk: samsung: exynos4: mark \u0027chipid\u0027 clock as CLK_IGNORE_UNUSED (git-fixes).\n- clk/ti/adpll: allocate room for terminating null (git-fixes).\n- clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes).\n- cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode (bsc#1176966).\n- dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate() (git-fixes).\n- dmaengine: of-dma: Fix of_dma_router_xlate\u0027s of_dma_xlate handling (git-fixes).\n- dmaengine: pl330: Fix burst length if burst size is smaller than bus width (git-fixes).\n- dmaengine: tegra-apb: Prevent race conditions on channel\u0027s freeing (git-fixes).\n- dmaengine: zynqmp_dma: fix burst length configuration (git-fixes).\n- dm crypt: avoid truncating the logical block size (git fixes (block drivers)).\n- dm: fix redundant IO accounting for bios that need splitting (git fixes (block drivers)).\n- dm integrity: fix a deadlock due to offloading to an incorrect workqueue (git fixes (block drivers)).\n- dm integrity: fix integrity recalculation that is improperly skipped (git fixes (block drivers)).\n- dm: report suspended device during destroy (git fixes (block drivers)).\n- dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes (block drivers)).\n- dm: use noio when sending kobject event (git fixes (block drivers)).\n- dm writecache: add cond_resched to loop in persistent_memory_claim() (git fixes (block drivers)).\n- dm writecache: correct uncommitted_block when discarding uncommitted entry (git fixes (block drivers)).\n- dm zoned: assign max_io_len correctly (git fixes (block drivers)).\n- drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes).\n- Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#1176877).\n- Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).\n- drivers: net: add missing interrupt.h include (git-fixes).\n- drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (git-fixes).\n- drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29).\n- drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic (git-fixes).\n- drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).\n- drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails (git-fixes).\n- drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).\n- drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes).\n- drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).\n- drm/amdgpu: increase atombios cmd timeout (git-fixes).\n- drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table (git-fixes).\n- drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table (git-fixes).\n- drm/amdkfd: fix a memory leak issue (git-fixes).\n- drm/amdkfd: Fix reference count leaks (git-fixes).\n- drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).\n- drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).\n- drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) \t* context changes\n- drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail (git-fixes).\n- drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() (git-fixes).\n- drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes).\n- drm/msm: add shutdown support for display platform_driver (git-fixes).\n- drm/msm: Disable preemption on all 5xx targets (git-fixes).\n- drm/msm: fix leaks if initialization fails (git-fixes).\n- drm/msm/gpu: make ringbuffer readonly (bsc#1112178) \t* context changes\n- drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes).\n- drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes).\n- drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open (git-fixes).\n- drm/nouveau: Fix reference count leak in nouveau_connector_detect (git-fixes).\n- drm/nouveau: fix reference count leak in nv50_disp_atomic_commit (git-fixes).\n- drm/nouveau: fix runtime pm imbalance on error (git-fixes).\n- drm/omap: fix possible object reference leak (git-fixes).\n- drm/radeon: fix multiple reference count leak (git-fixes).\n- drm/radeon: Prefer lower feedback dividers (git-fixes).\n- drm/radeon: revert \u0027Prefer lower feedback dividers\u0027 (git-fixes).\n- drm/sun4i: Fix dsi dcs long write function (git-fixes).\n- drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes).\n- drm/tve200: Stabilize enable/disable (git-fixes).\n- drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes).\n- e1000: Do not perform reset in reset_task if we are already down (git-fixes).\n- EDAC: Fix reference count leaks (bsc#1112178).\n- fbcon: prevent user font height or width change from causing (bsc#1112178)\n- Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950).\n- ftrace: Move RCU is watching check after recursion check (git-fixes).\n- ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes).\n- gma/gma500: fix a memory disclosure bug due to uninitialized bytes (git-fixes).\n- gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes).\n- gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() (git-fixes).\n- gtp: fix Illegal context switch in RCU read-side critical section (git-fixes).\n- gtp: fix use-after-free in gtp_newlink() (git-fixes).\n- HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage() (git-fixes).\n- hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).\n- hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).\n- hv_utils: return error if host timesysnc update is stale (bsc#1176877).\n- hwmon: (applesmc) check status earlier (git-fixes).\n- i2c: core: Do not fail PRP0001 enumeration when no ID table exist (git-fixes).\n- i2c: cpm: Fix i2c_ram structure (git-fixes).\n- ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).\n- ieee802154/adf7242: check status of adf7242_read_reg (git-fixes).\n- ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes).\n- iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak (git-fixes).\n- iio: accel: kxsd9: Fix alignment of local buffer (git-fixes).\n- iio:accel:mma7455: Fix timestamp alignment and prevent data leak (git-fixes).\n- iio:adc:ina2xx Fix timestamp alignment issue (git-fixes).\n- iio: adc: mcp3422: fix locking on error path (git-fixes).\n- iio: adc: mcp3422: fix locking scope (git-fixes).\n- iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes).\n- iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes).\n- iio: improve IIO_CONCENTRATION channel type description (git-fixes).\n- iio:light:ltr501 Fix timestamp alignment issue (git-fixes).\n- iio:light:max44000 Fix timestamp alignment and prevent data leak (git-fixes).\n- iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes).\n- include: add additional sizes (bsc#1094244 ltc#168122).\n- iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177293).\n- iommu/amd: Fix potential @entry null deref (bsc#1177294).\n- iommu/amd: Print extended features in one line to fix divergent log levels (bsc#1176316).\n- iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177291).\n- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317).\n- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177295).\n- iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318).\n- iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177296).\n- iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#1176319).\n- iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320).\n- kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.\n- kernel-syms.spec.in: Also use bz compression (boo#1175882).\n- KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084).\n- KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE (jsc#SLE-4084).\n- KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE (jsc#SLE-4084).\n- KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put (jsc#SLE-4084).\n- KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE (jsc#SLE-4084).\n- KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions (jsc#SLE-4084).\n- KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084).\n- KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems (jsc#SLE-4084).\n- KVM: arm64: Factor out fault info population and gic workarounds (jsc#SLE-4084).\n- KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084).\n- KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084).\n- KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084).\n- KVM: arm64: Introduce framework for accessing deferred sysregs (jsc#SLE-4084).\n- KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions (jsc#SLE-4084).\n- KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084).\n- KVM: arm64: Move common VHE/non-VHE trap config in separate functions (jsc#SLE-4084).\n- KVM: arm64: Move debug dirty flag calculation out of world switch (jsc#SLE-4084).\n- KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag (jsc#SLE-4084).\n- KVM: arm64: Move userspace system registers into separate function (jsc#SLE-4084).\n- KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers (jsc#SLE-4084).\n- KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 (jsc#SLE-4084).\n- KVM: arm64: Remove kern_hyp_va() use in VHE switch function (jsc#SLE-4084).\n- KVM: arm64: Remove noop calls to timer save/restore from VHE switch (jsc#SLE-4084).\n- KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084).\n- KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084).\n- KVM: arm64: Rewrite system register accessors to read/write functions (jsc#SLE-4084).\n- KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084).\n- KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions (jsc#SLE-4084).\n- KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE (jsc#SLE-4084).\n- KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN (jsc#SLE-4084).\n- KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs (jsc#SLE-4084).\n- KVM: arm/arm64: Get rid of vcpu-\u003earch.irq_lines (jsc#SLE-4084).\n- KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE (jsc#SLE-4084).\n- KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init (jsc#SLE-4084).\n- KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load (jsc#SLE-4084).\n- KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 (jsc#SLE-4084).\n- KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe (jsc#SLE-4084).\n- KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084).\n- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu (jsc#SLE-4084).\n- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate (jsc#SLE-4084).\n- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs (jsc#SLE-4084).\n- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084).\n- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run (jsc#SLE-4084).\n- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu (jsc#SLE-4084).\n- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug (jsc#SLE-4084).\n- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate (jsc#SLE-4084).\n- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs (jsc#SLE-4084).\n- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs (jsc#SLE-4084).\n- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate (jsc#SLE-4084).\n- KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n (jsc#SLE-4084).\n- KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code (jsc#SLE-4084).\n- KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178).\n- KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM (bsc#1176321).\n- KVM: SVM: fix svn_pin_memory()\u0027s use of get_user_pages_fast() (bsc#1112178).\n- KVM: Take vcpu-\u003emutex outside vcpu_load (jsc#SLE-4084).\n- libceph: allow setting abort_on_full for rbd (bsc#1169972).\n- libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).\n- libnvdimm: cover up struct nvdimm changes (bsc#1171742).\n- libnvdimm/security, acpi/nfit: unify zero-key for all security commands (bsc#1171742).\n- libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).\n- libnvdimm/security: Introduce a \u0027frozen\u0027 attribute (bsc#1171742).\n- lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block drivers)).\n- livepatch: Add -fdump-ipa-clones to build (). Add support for -fdump-ipa-clones GCC option. Update config files accordingly.\n- mac802154: tx: fix use-after-free (git-fixes).\n- md: raid0/linear: fix dereference before null check on pointer mddev (git fixes (block drivers)).\n- media: davinci: vpif_capture: fix potential double free (git-fixes).\n- media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq() (git-fixes).\n- media: smiapp: Fix error handling at NVM reading (git-fixes).\n- media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes).\n- mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).\n- mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes).\n- mm: Avoid calling build_all_zonelists_init under hotplug context (bsc#1154366).\n- mmc: cqhci: Add cqhci_deactivate() (git-fixes).\n- mmc: sdhci-msm: Add retries when all tuning phases are found valid (git-fixes).\n- mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes).\n- mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes).\n- mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes (mm/pgalloc)).\n- mm/vmalloc.c: move \u0027area-\u003epages\u0027 after if statement (git fixes (mm/vmalloc)).\n- mtd: cfi_cmdset_0002: do not free cfi-\u003ecfiq in error path of cfi_amdstd_setup() (git-fixes).\n- mtd: lpddr: Fix a double free in probe() (git-fixes).\n- mtd: phram: fix a double free issue in error path (git-fixes).\n- mtd: properly check all write ioctls for permissions (git-fixes).\n- net: 8390: Fix manufacturer name in Kconfig help text (git-fixes).\n- net: amd: fix return type of ndo_start_xmit function (git-fixes).\n- net/amd: Remove useless driver version (git-fixes).\n- net: amd-xgbe: fix comparison to bitshift when dealing with a mask (git-fixes).\n- net: amd-xgbe: Get rid of custom hex_dump_to_buffer() (git-fixes).\n- net: apple: Fix manufacturer name in Kconfig help text (git-fixes).\n- net: broadcom: Fix manufacturer name in Kconfig help text (git-fixes).\n- net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes).\n- net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes).\n- net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes).\n- net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes).\n- net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes).\n- net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() (git-fixes).\n- net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes).\n- net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes).\n- net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes).\n- net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes).\n- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (git-fixes).\n- net: fs_enet: do not call phy_stop() in interrupts (git-fixes).\n- net: initialize fastreuse on inet_inherit_port (networking-stable-20_08_15).\n- net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes).\n- net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08).\n- net: lio_core: fix potential sign-extension overflow on large shift (git-fixes).\n- net/mlx5: Add meaningful return codes to status_to_err function (git-fixes).\n- net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes).\n- net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded (git-fixes).\n- net: mvmdio: defer probe of orion-mdio if a clock is not ready (git-fixes).\n- net: mvneta: fix mtu change on port without link (git-fixes).\n- net-next: ax88796: Do not free IRQ in ax_remove() (already freed in ax_close()) (git-fixes).\n- net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).\n- net: qca_spi: Avoid packet drop during initial sync (git-fixes).\n- net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes).\n- net: refactor bind_bucket fastreuse into helper (networking-stable-20_08_15).\n- net/smc: fix dmb buffer shortage (git-fixes).\n- net/smc: fix restoring of fallback changes (git-fixes).\n- net/smc: fix sock refcounting in case of termination (git-fixes).\n- net/smc: improve close of terminated socket (git-fixes).\n- net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes).\n- net/smc: remove freed buffer from list (git-fixes).\n- net/smc: reset sndbuf_desc if freed (git-fixes).\n- net/smc: set rx_off for SMCR explicitly (git-fixes).\n- net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).\n- net/smc: tolerate future SMCD versions (git-fixes).\n- net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() (git-fixes).\n- net: stmmac: Disable ACS Feature for GMAC \u003e= 4 (git-fixes).\n- net: stmmac: do not stop NAPI processing when dropping a packet (git-fixes).\n- net: stmmac: dwmac4: fix flow control issue (git-fixes).\n- net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function (git-fixes).\n- net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array (git-fixes).\n- net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration (git-fixes).\n- net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b (git-fixes).\n- net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs (git-fixes).\n- net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode (git-fixes).\n- net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock (git-fixes).\n- net: stmmac: Fix error handling path in \u0027alloc_dma_rx_desc_resources()\u0027 (git-fixes).\n- net: stmmac: Fix error handling path in \u0027alloc_dma_tx_desc_resources()\u0027 (git-fixes).\n- net: stmmac: rename dwmac4_tx_queue_routing() to match reality (git-fixes).\n- net: stmmac: set MSS for each tx DMA channel (git-fixes).\n- net: stmmac: Use correct values in TQS/RQS fields (git-fixes).\n- net-sysfs: add a newline when printing \u0027tx_timeout\u0027 by sysfs (networking-stable-20_07_29).\n- net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes).\n- net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb() (git-fixes).\n- net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx (git-fixes).\n- net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes).\n- net: ucc_geth - fix Oops when changing number of buffers in the ring (git-fixes).\n- NFSv4: do not mark all open state for recovery when handling recallable state revoked flag (bsc#1176935).\n- nvme-fc: set max_segments to lldd max value (bsc#1176038).\n- nvme-pci: override the value of the controller\u0027s numa node (bsc#1176507).\n- ocfs2: give applications more IO opportunities during fstrim (bsc#1175228).\n- omapfb: fix multiple reference count leaks due to pm_runtime_get_sync (git-fixes).\n- PCI/ASPM: Allow re-enabling Clock PM (git-fixes).\n- PCI: Fix pci_create_slot() reference count leak (git-fixes).\n- PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes).\n- PCI: qcom: Add missing reset for ipq806x (git-fixes).\n- PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes).\n- PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes).\n- PCI: rcar: Fix incorrect programming of OB windows (git-fixes).\n- phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes).\n- pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes).\n- platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes).\n- platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes).\n- platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes).\n- powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244 ltc#168122).\n- powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244 ltc#168122).\n- powerpc/64s: Fix unrelocated interrupt trampoline address test (bsc#1094244 ltc#168122).\n- powerpc/64s: Include \u0026lt;asm/nmi.h\u003e header file to fix a warning (bsc#1094244 ltc#168122).\n- powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#168122).\n- powerpc/64s: sreset panic if there is no debugger or crash dump handlers (bsc#1094244 ltc#168122).\n- powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244 ltc#168122).\n- powerpc: Add cputime_to_nsecs() (bsc#1065729).\n- powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE (bsc#1055186 ltc#153436).\n- powerpc/book3s64/radix: Fix boot failure with large amount of guest memory (bsc#1176022 ltc#187208).\n- powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).\n- powerpc/init: Do not advertise radix during client-architecture-support (bsc#1055186 ltc#153436 ).\n- powerpc/kernel: Cleanup machine check function declarations (bsc#1065729).\n- powerpc/kernel: Enables memory hot-remove after reboot on pseries guests (bsc#1177030 ltc#187588).\n- powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436).\n- powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#1177030 ltc#187588).\n- powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 (bsc#1176022 ltc#187208).\n- powerpc/powernv: Remove real mode access limit for early allocations (bsc#1176022 ltc#187208).\n- powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436).\n- powerpc/pseries/le: Work around a firmware quirk (bsc#1094244 ltc#168122).\n- powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208).\n- powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122).\n- powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack (bsc#1094244 ltc#168122).\n- powerpc/pseries: radix is not subject to RMA limit, remove it (bsc#1176022 ltc#187208).\n- powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244 ltc#168122).\n- powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).\n- powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244 ltc#168122).\n- powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#168122).\n- powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).\n- powerpc/traps: fix recoverability of machine check handling on book3s/32 (bsc#1094244 ltc#168122).\n- powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244 ltc#168122).\n- powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S (bsc#1065729).\n- power: supply: max17040: Correct voltage reading (git-fixes).\n- rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes (rcu)).\n- regulator: push allocation in set_consumer_device_supply() out of lock (git-fixes).\n- Revert \u0027ALSA: hda: Add support for Loongson 7A1000 controller\u0027 (git-fixes).\n- Revert \u0027ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control\u0027 (git-fixes).\n- Revert \u0027i2c: cadence: Fix the hold bit setting\u0027 (git-fixes).\n- rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869 ltc#188243).\n- rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732)\n- rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#SLE-13618).\n- rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, \u0027--ca-check\u0027 is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package (KMP), it\u0027s used to determine whether the %post script is running in a kernel package, or a kernel module package.\n- rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).\n- rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#1176698) The \u0027-c\u0027 option wasn\u0027t passed down to %_kernel_module_package so the ueficert subpackage wasn\u0027t generated even if the certificate is specified in the spec file.\n- rtc: ds1374: fix possible race condition (git-fixes).\n- rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).\n- rxrpc: Fix race between recvmsg and sendmsg on immediate call failure (networking-stable-20_08_08).\n- rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (networking-stable-20_07_29).\n- s390/mm: fix huge pte soft dirty copying (git-fixes).\n- s390/qeth: do not process empty bridge port events (git-fixes).\n- s390/qeth: integrate RX refill worker with NAPI (git-fixes).\n- s390/qeth: tolerate pre-filled RX buffer (git-fixes).\n- scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).\n- scsi: fnic: Do not call \u0027scsi_done()\u0027 for unhandled commands (bsc#1168468, bsc#1171675).\n- scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#188304).\n- scsi: ibmvfc: Use compiler attribute defines instead of __attribute__() (bsc#1176962 ltc#188304).\n- scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258).\n- scsi: libfc: Fix for double free() (bsc#1174899).\n- scsi: libfc: free response frame from GPN_ID (bsc#1174899).\n- scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#1174899).\n- scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).\n- scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).\n- scsi: qla2xxx: Fix regression on sparc64 (git-fixes).\n- scsi: qla2xxx: Fix the return value (bsc#1171688).\n- scsi: qla2xxx: Fix the size used in a \u0027dma_free_coherent()\u0027 call (bsc#1171688).\n- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#1171688).\n- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#1171688).\n- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688).\n- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (bsc#1171688).\n- scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).\n- scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).\n- scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).\n- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (bsc#1171688).\n- scsi: qla2xxx: Suppress two recently introduced compiler warnings (git-fixes).\n- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (bsc#1171688).\n- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 (git-fixes).\n- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 (git-fixes).\n- serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes).\n- serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes).\n- serial: 8250_port: Do not service RX FIFO if throttled (git-fixes).\n- Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084).\n- smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).\n- smb3: Honor \u0027seal\u0027 flag for multiuser mounts (bsc#1176545).\n- smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).\n- staging:r8188eu: avoid skb_clone for amsdu to msdu conversion (git-fixes).\n- stmmac: Do not access tx_q-\u003edirty_tx before netif_tx_lock (git-fixes).\n- tcp: apply a floor of 1 for RTT samples from TCP timestamps (networking-stable-20_08_08).\n- thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 (git-fixes).\n- tools/power/cpupower: Fix initializer override in hsw_ext_cstates (bsc#1112178).\n- usb: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes).\n- usb: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes).\n- usb: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes).\n- usb: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes).\n- usb: Fix out of sync data toggle if a configured device is reconfigured (git-fixes).\n- usb: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes).\n- usb: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes).\n- usb: gadget: u_f: add overflow checks to VLA macros (git-fixes).\n- usb: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes).\n- usb: hso: check for return value in hso_serial_common_create() (networking-stable-20_08_08).\n- usblp: fix race between disconnect() and read() (git-fixes).\n- usb: lvtest: return proper error code in probe (git-fixes).\n- usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set (git-fixes).\n- usb: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes).\n- usb: quirks: Add no-lpm quirk for another Raydium touchscreen (git-fixes).\n- usb: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook (git-fixes).\n- usb: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D (git-fixes).\n- usb: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes).\n- usb: serial: option: add support for SIM7070/SIM7080/SIM7090 modules (git-fixes).\n- usb: serial: option: support dynamic Quectel USB compositions (git-fixes).\n- usb: sisusbvga: Fix a potential UB casued by left shifting a negative value (git-fixes).\n- usb: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes).\n- usb: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes).\n- usb: uas: Add quirk for PNY Pro Elite (git-fixes).\n- usb: UAS: fix disconnect by unplugging a hub (git-fixes).\n- usb: yurex: Fix bad gfp argument (git-fixes).\n- vgacon: remove software scrollback support (bsc#1176278).\n- video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes).\n- virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes (block drivers)).\n- vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).\n- vrf: prevent adding upper devices (git-fixes).\n- vxge: fix return of a free\u0027d memblock on a failed dma mapping (git-fixes).\n- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178).\n- xen: do not reschedule in preemption off sections (bsc#1175749).\n- xen/events: do not use chip_data for legacy IRQs (bsc#1065600).\n- XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (bsc#1065600).\n- xgbe: no need to check return value of debugfs_create functions (git-fixes).\n- xgbe: switch to more generic VxLAN detection (git-fixes).\n- xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes).\n- yam: fix possible memory leak in yam_init_driver (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1655",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1655-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1655-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TH734NYI5EZD4XQ2VE5Y7HNPWOK3EVXA/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1655-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TH734NYI5EZD4XQ2VE5Y7HNPWOK3EVXA/"
},
{
"category": "self",
"summary": "SUSE Bug 1055186",
"url": "https://bugzilla.suse.com/1055186"
},
{
"category": "self",
"summary": "SUSE Bug 1065600",
"url": "https://bugzilla.suse.com/1065600"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1094244",
"url": "https://bugzilla.suse.com/1094244"
},
{
"category": "self",
"summary": "SUSE Bug 1112178",
"url": "https://bugzilla.suse.com/1112178"
},
{
"category": "self",
"summary": "SUSE Bug 1113956",
"url": "https://bugzilla.suse.com/1113956"
},
{
"category": "self",
"summary": "SUSE Bug 1154366",
"url": "https://bugzilla.suse.com/1154366"
},
{
"category": "self",
"summary": "SUSE Bug 1167527",
"url": "https://bugzilla.suse.com/1167527"
},
{
"category": "self",
"summary": "SUSE Bug 1168468",
"url": "https://bugzilla.suse.com/1168468"
},
{
"category": "self",
"summary": "SUSE Bug 1169972",
"url": "https://bugzilla.suse.com/1169972"
},
{
"category": "self",
"summary": "SUSE Bug 1171675",
"url": "https://bugzilla.suse.com/1171675"
},
{
"category": "self",
"summary": "SUSE Bug 1171688",
"url": "https://bugzilla.suse.com/1171688"
},
{
"category": "self",
"summary": "SUSE Bug 1171742",
"url": "https://bugzilla.suse.com/1171742"
},
{
"category": "self",
"summary": "SUSE Bug 1173115",
"url": "https://bugzilla.suse.com/1173115"
},
{
"category": "self",
"summary": "SUSE Bug 1174899",
"url": "https://bugzilla.suse.com/1174899"
},
{
"category": "self",
"summary": "SUSE Bug 1175228",
"url": "https://bugzilla.suse.com/1175228"
},
{
"category": "self",
"summary": "SUSE Bug 1175749",
"url": "https://bugzilla.suse.com/1175749"
},
{
"category": "self",
"summary": "SUSE Bug 1175882",
"url": "https://bugzilla.suse.com/1175882"
},
{
"category": "self",
"summary": "SUSE Bug 1176011",
"url": "https://bugzilla.suse.com/1176011"
},
{
"category": "self",
"summary": "SUSE Bug 1176022",
"url": "https://bugzilla.suse.com/1176022"
},
{
"category": "self",
"summary": "SUSE Bug 1176038",
"url": "https://bugzilla.suse.com/1176038"
},
{
"category": "self",
"summary": "SUSE Bug 1176069",
"url": "https://bugzilla.suse.com/1176069"
},
{
"category": "self",
"summary": "SUSE Bug 1176235",
"url": "https://bugzilla.suse.com/1176235"
},
{
"category": "self",
"summary": "SUSE Bug 1176242",
"url": "https://bugzilla.suse.com/1176242"
},
{
"category": "self",
"summary": "SUSE Bug 1176278",
"url": "https://bugzilla.suse.com/1176278"
},
{
"category": "self",
"summary": "SUSE Bug 1176316",
"url": "https://bugzilla.suse.com/1176316"
},
{
"category": "self",
"summary": "SUSE Bug 1176317",
"url": "https://bugzilla.suse.com/1176317"
},
{
"category": "self",
"summary": "SUSE Bug 1176318",
"url": "https://bugzilla.suse.com/1176318"
},
{
"category": "self",
"summary": "SUSE Bug 1176319",
"url": "https://bugzilla.suse.com/1176319"
},
{
"category": "self",
"summary": "SUSE Bug 1176320",
"url": "https://bugzilla.suse.com/1176320"
},
{
"category": "self",
"summary": "SUSE Bug 1176321",
"url": "https://bugzilla.suse.com/1176321"
},
{
"category": "self",
"summary": "SUSE Bug 1176381",
"url": "https://bugzilla.suse.com/1176381"
},
{
"category": "self",
"summary": "SUSE Bug 1176423",
"url": "https://bugzilla.suse.com/1176423"
},
{
"category": "self",
"summary": "SUSE Bug 1176482",
"url": "https://bugzilla.suse.com/1176482"
},
{
"category": "self",
"summary": "SUSE Bug 1176507",
"url": "https://bugzilla.suse.com/1176507"
},
{
"category": "self",
"summary": "SUSE Bug 1176536",
"url": "https://bugzilla.suse.com/1176536"
},
{
"category": "self",
"summary": "SUSE Bug 1176544",
"url": "https://bugzilla.suse.com/1176544"
},
{
"category": "self",
"summary": "SUSE Bug 1176545",
"url": "https://bugzilla.suse.com/1176545"
},
{
"category": "self",
"summary": "SUSE Bug 1176546",
"url": "https://bugzilla.suse.com/1176546"
},
{
"category": "self",
"summary": "SUSE Bug 1176548",
"url": "https://bugzilla.suse.com/1176548"
},
{
"category": "self",
"summary": "SUSE Bug 1176659",
"url": "https://bugzilla.suse.com/1176659"
},
{
"category": "self",
"summary": "SUSE Bug 1176698",
"url": "https://bugzilla.suse.com/1176698"
},
{
"category": "self",
"summary": "SUSE Bug 1176699",
"url": "https://bugzilla.suse.com/1176699"
},
{
"category": "self",
"summary": "SUSE Bug 1176700",
"url": "https://bugzilla.suse.com/1176700"
},
{
"category": "self",
"summary": "SUSE Bug 1176721",
"url": "https://bugzilla.suse.com/1176721"
},
{
"category": "self",
"summary": "SUSE Bug 1176722",
"url": "https://bugzilla.suse.com/1176722"
},
{
"category": "self",
"summary": "SUSE Bug 1176725",
"url": "https://bugzilla.suse.com/1176725"
},
{
"category": "self",
"summary": "SUSE Bug 1176732",
"url": "https://bugzilla.suse.com/1176732"
},
{
"category": "self",
"summary": "SUSE Bug 1176788",
"url": "https://bugzilla.suse.com/1176788"
},
{
"category": "self",
"summary": "SUSE Bug 1176789",
"url": "https://bugzilla.suse.com/1176789"
},
{
"category": "self",
"summary": "SUSE Bug 1176869",
"url": "https://bugzilla.suse.com/1176869"
},
{
"category": "self",
"summary": "SUSE Bug 1176877",
"url": "https://bugzilla.suse.com/1176877"
},
{
"category": "self",
"summary": "SUSE Bug 1176935",
"url": "https://bugzilla.suse.com/1176935"
},
{
"category": "self",
"summary": "SUSE Bug 1176950",
"url": "https://bugzilla.suse.com/1176950"
},
{
"category": "self",
"summary": "SUSE Bug 1176962",
"url": "https://bugzilla.suse.com/1176962"
},
{
"category": "self",
"summary": "SUSE Bug 1176966",
"url": "https://bugzilla.suse.com/1176966"
},
{
"category": "self",
"summary": "SUSE Bug 1176990",
"url": "https://bugzilla.suse.com/1176990"
},
{
"category": "self",
"summary": "SUSE Bug 1177030",
"url": "https://bugzilla.suse.com/1177030"
},
{
"category": "self",
"summary": "SUSE Bug 1177041",
"url": "https://bugzilla.suse.com/1177041"
},
{
"category": "self",
"summary": "SUSE Bug 1177042",
"url": "https://bugzilla.suse.com/1177042"
},
{
"category": "self",
"summary": "SUSE Bug 1177043",
"url": "https://bugzilla.suse.com/1177043"
},
{
"category": "self",
"summary": "SUSE Bug 1177044",
"url": "https://bugzilla.suse.com/1177044"
},
{
"category": "self",
"summary": "SUSE Bug 1177121",
"url": "https://bugzilla.suse.com/1177121"
},
{
"category": "self",
"summary": "SUSE Bug 1177206",
"url": "https://bugzilla.suse.com/1177206"
},
{
"category": "self",
"summary": "SUSE Bug 1177258",
"url": "https://bugzilla.suse.com/1177258"
},
{
"category": "self",
"summary": "SUSE Bug 1177291",
"url": "https://bugzilla.suse.com/1177291"
},
{
"category": "self",
"summary": "SUSE Bug 1177293",
"url": "https://bugzilla.suse.com/1177293"
},
{
"category": "self",
"summary": "SUSE Bug 1177294",
"url": "https://bugzilla.suse.com/1177294"
},
{
"category": "self",
"summary": "SUSE Bug 1177295",
"url": "https://bugzilla.suse.com/1177295"
},
{
"category": "self",
"summary": "SUSE Bug 1177296",
"url": "https://bugzilla.suse.com/1177296"
},
{
"category": "self",
"summary": "SUSE Bug 962356",
"url": "https://bugzilla.suse.com/962356"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0404 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0404/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0427 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0427/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0431 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0431/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-0432 page",
"url": "https://www.suse.com/security/cve/CVE-2020-0432/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14381 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14386 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14390 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25212 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25212/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25284 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25641 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25641/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25643 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25643/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26088 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26088/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2020-10-11T13:53:22Z",
"generator": {
"date": "2020-10-11T13:53:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1655-1",
"initial_release_date": "2020-10-11T13:53:22Z",
"revision_history": [
{
"date": "2020-10-11T13:53:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-4.12.14-lp151.28.71.1.noarch",
"product": {
"name": "kernel-devel-4.12.14-lp151.28.71.1.noarch",
"product_id": "kernel-devel-4.12.14-lp151.28.71.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-4.12.14-lp151.28.71.1.noarch",
"product": {
"name": "kernel-docs-4.12.14-lp151.28.71.1.noarch",
"product_id": "kernel-docs-4.12.14-lp151.28.71.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"product": {
"name": "kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"product_id": "kernel-docs-html-4.12.14-lp151.28.71.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-4.12.14-lp151.28.71.1.noarch",
"product": {
"name": "kernel-macros-4.12.14-lp151.28.71.1.noarch",
"product_id": "kernel-macros-4.12.14-lp151.28.71.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-4.12.14-lp151.28.71.1.noarch",
"product": {
"name": "kernel-source-4.12.14-lp151.28.71.1.noarch",
"product_id": "kernel-source-4.12.14-lp151.28.71.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"product": {
"name": "kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"product_id": "kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-debug-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-debug-base-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-default-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-default-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-default-base-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-default-devel-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-obs-build-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"product": {
"name": "kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"product_id": "kernel-syms-4.12.14-lp151.28.71.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-vanilla-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64",
"product_id": "kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-base-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-default-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-lp151.28.71.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-lp151.28.71.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-4.12.14-lp151.28.71.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch"
},
"product_reference": "kernel-docs-4.12.14-lp151.28.71.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-html-4.12.14-lp151.28.71.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch"
},
"product_reference": "kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-lp151.28.71.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-lp151.28.71.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-lp151.28.71.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch"
},
"product_reference": "kernel-source-4.12.14-lp151.28.71.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch"
},
"product_reference": "kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-lp151.28.71.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
},
"product_reference": "kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-0404",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0404"
}
],
"notes": [
{
"category": "general",
"text": "In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0404",
"url": "https://www.suse.com/security/cve/CVE-2020-0404"
},
{
"category": "external",
"summary": "SUSE Bug 1176423 for CVE-2020-0404",
"url": "https://bugzilla.suse.com/1176423"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "moderate"
}
],
"title": "CVE-2020-0404"
},
{
"cve": "CVE-2020-0427",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0427"
}
],
"notes": [
{
"category": "general",
"text": "In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0427",
"url": "https://www.suse.com/security/cve/CVE-2020-0427"
},
{
"category": "external",
"summary": "SUSE Bug 1176725 for CVE-2020-0427",
"url": "https://bugzilla.suse.com/1176725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "moderate"
}
],
"title": "CVE-2020-0427"
},
{
"cve": "CVE-2020-0431",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0431"
}
],
"notes": [
{
"category": "general",
"text": "In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0431",
"url": "https://www.suse.com/security/cve/CVE-2020-0431"
},
{
"category": "external",
"summary": "SUSE Bug 1176722 for CVE-2020-0431",
"url": "https://bugzilla.suse.com/1176722"
},
{
"category": "external",
"summary": "SUSE Bug 1176896 for CVE-2020-0431",
"url": "https://bugzilla.suse.com/1176896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "important"
}
],
"title": "CVE-2020-0431"
},
{
"cve": "CVE-2020-0432",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-0432"
}
],
"notes": [
{
"category": "general",
"text": "In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-0432",
"url": "https://www.suse.com/security/cve/CVE-2020-0432"
},
{
"category": "external",
"summary": "SUSE Bug 1176721 for CVE-2020-0432",
"url": "https://bugzilla.suse.com/1176721"
},
{
"category": "external",
"summary": "SUSE Bug 1177165 for CVE-2020-0432",
"url": "https://bugzilla.suse.com/1177165"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "important"
}
],
"title": "CVE-2020-0432"
},
{
"cve": "CVE-2020-14381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14381"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14381",
"url": "https://www.suse.com/security/cve/CVE-2020-14381"
},
{
"category": "external",
"summary": "SUSE Bug 1176011 for CVE-2020-14381",
"url": "https://bugzilla.suse.com/1176011"
},
{
"category": "external",
"summary": "SUSE Bug 1176012 for CVE-2020-14381",
"url": "https://bugzilla.suse.com/1176012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "important"
}
],
"title": "CVE-2020-14381"
},
{
"cve": "CVE-2020-14386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14386"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14386",
"url": "https://www.suse.com/security/cve/CVE-2020-14386"
},
{
"category": "external",
"summary": "SUSE Bug 1176069 for CVE-2020-14386",
"url": "https://bugzilla.suse.com/1176069"
},
{
"category": "external",
"summary": "SUSE Bug 1176072 for CVE-2020-14386",
"url": "https://bugzilla.suse.com/1176072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "important"
}
],
"title": "CVE-2020-14386"
},
{
"cve": "CVE-2020-14390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14390"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14390",
"url": "https://www.suse.com/security/cve/CVE-2020-14390"
},
{
"category": "external",
"summary": "SUSE Bug 1176235 for CVE-2020-14390",
"url": "https://bugzilla.suse.com/1176235"
},
{
"category": "external",
"summary": "SUSE Bug 1176253 for CVE-2020-14390",
"url": "https://bugzilla.suse.com/1176253"
},
{
"category": "external",
"summary": "SUSE Bug 1176278 for CVE-2020-14390",
"url": "https://bugzilla.suse.com/1176278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "important"
}
],
"title": "CVE-2020-14390"
},
{
"cve": "CVE-2020-25212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25212"
}
],
"notes": [
{
"category": "general",
"text": "A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25212",
"url": "https://www.suse.com/security/cve/CVE-2020-25212"
},
{
"category": "external",
"summary": "SUSE Bug 1176381 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1176381"
},
{
"category": "external",
"summary": "SUSE Bug 1176382 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1176382"
},
{
"category": "external",
"summary": "SUSE Bug 1177027 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1177027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "important"
}
],
"title": "CVE-2020-25212"
},
{
"cve": "CVE-2020-25284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25284"
}
],
"notes": [
{
"category": "general",
"text": "The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25284",
"url": "https://www.suse.com/security/cve/CVE-2020-25284"
},
{
"category": "external",
"summary": "SUSE Bug 1176482 for CVE-2020-25284",
"url": "https://bugzilla.suse.com/1176482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "moderate"
}
],
"title": "CVE-2020-25284"
},
{
"cve": "CVE-2020-25641",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25641"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25641",
"url": "https://www.suse.com/security/cve/CVE-2020-25641"
},
{
"category": "external",
"summary": "SUSE Bug 1177121 for CVE-2020-25641",
"url": "https://bugzilla.suse.com/1177121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "moderate"
}
],
"title": "CVE-2020-25641"
},
{
"cve": "CVE-2020-25643",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25643"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25643",
"url": "https://www.suse.com/security/cve/CVE-2020-25643"
},
{
"category": "external",
"summary": "SUSE Bug 1177206 for CVE-2020-25643",
"url": "https://bugzilla.suse.com/1177206"
},
{
"category": "external",
"summary": "SUSE Bug 1177226 for CVE-2020-25643",
"url": "https://bugzilla.suse.com/1177226"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "important"
}
],
"title": "CVE-2020-25643"
},
{
"cve": "CVE-2020-26088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26088"
}
],
"notes": [
{
"category": "general",
"text": "A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26088",
"url": "https://www.suse.com/security/cve/CVE-2020-26088"
},
{
"category": "external",
"summary": "SUSE Bug 1176990 for CVE-2020-26088",
"url": "https://bugzilla.suse.com/1176990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.71.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.71.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.71.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.71.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-10-11T13:53:22Z",
"details": "moderate"
}
],
"title": "CVE-2020-26088"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…