csaf_opensuse - opensuse-su-2020:1906-1

Vulnerability from csaf_opensuse

Published

2020-11-14 08:15

Modified

2020-11-14 08:15

Summary

Security update for the Linux Kernel

Notes

Title of the patch

Security update for the Linux Kernel

Description of the patch

The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25668: Make FONTX ioctl use the tty pointer they were actually passed (bsc#1178123). - CVE-2020-25656: Extend func_buf_lock to readers (bnc#1177766). - CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812 (bnc#1176485). - CVE-2020-14351: Fixed race in the perf_mmap_close() function (bsc#1177086). - CVE-2020-8694: Restrict energy meter to root access (bsc#1170415). - CVE-2020-16120: Check permission to open real file in overlayfs (bsc#1177470). - CVE-2020-25705: A ICMP global rate limiting side-channel was removed which could lead to e.g. the SADDNS attack (bsc#1175721) The following non-security bugs were fixed: - ACPI: Always build evged in (git-fixes). - ACPI: button: fix handling lid state changes when input device closed (git-fixes). - ACPI: configfs: Add missing config_item_put() to fix refcount leak (git-fixes). - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes). - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - act_ife: load meta modules before tcf_idr_check_alloc() (networking-stable-20_09_24). - Add CONFIG_CHECK_CODESIGN_EKU - ALSA: ac97: (cosmetic) align argument names (git-fixes). - ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes). - ALSA: asihpi: fix spellint typo in comments (git-fixes). - ALSA: atmel: ac97: clarify operator precedence (git-fixes). - ALSA: bebob: potential info leak in hwdep_read() (git-fixes). - ALSA: compress_offload: remove redundant initialization (git-fixes). - ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes). - ALSA: core: pcm: simplify locking for timers (git-fixes). - ALSA: core: timer: clarify operator precedence (git-fixes). - ALSA: core: timer: remove redundant assignment (git-fixes). - ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes). - ALSA: fireworks: use semicolons rather than commas to separate statements (git-fixes). - ALSA: fix kernel-doc markups (git-fixes). - ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes). - ALSA: hda: (cosmetic) align function parameters (git-fixes). - ALSA: hda - Do not register a cb func if it is registered already (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes). - ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes). - ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes). - ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes). - ALSA: hda/realtek - set mic to auto detect on a HP AIO machine (git-fixes). - ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes). - ALSA: hda: use semicolons rather than commas to separate statements (git-fixes). - ALSA: hdspm: Fix typo arbitary (git-fixes). - ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes). - ALSA: portman2x4: fix repeated word 'if' (git-fixes). - ALSA: rawmidi: (cosmetic) align function parameters (git-fixes). - ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes). - ALSA: sparc: dbri: fix repeated word 'the' (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes). - ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes). - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes). - ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes). - ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes). - ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk (git-fixes). - ALSA: usb: scarless_gen2: fix endianness issue (git-fixes). - ALSA: vx: vx_core: clarify operator precedence (git-fixes). - ALSA: vx: vx_pcm: remove redundant assignment (git-fixes). - ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes). - ASoC: cs42l51: manage mclk shutdown delay (git-fixes). - ASoC: fsl: imx-es8328: add missing put_device() call in imx_es8328_probe() (git-fixes). - ASoC: fsl_sai: Instantiate snd_soc_dai_driver (git-fixes). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes). - ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes). - ASoC: qcom: lpass-platform: fix memory leak (git-fixes). - ASoC: qcom: sdm845: set driver name correctly (git-fixes). - ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits (git-fixes). - ASoC: tlv320aic32x4: Fix bdiv clock rate derivation (git-fixes). - ata: sata_rcar: Fix DMA boundary mask (git-fixes). - ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes). - ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: provide survey info as accumulated data (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes). - ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes). - ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes). - ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes). - ath9k_htc: Use appropriate rs_datalen type (git-fixes). - backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes). - blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750). - block: ensure bdi->io_pages is always initialized (bsc#1177749). - block: Fix page_is_mergeable() for compound pages (bsc#1177814). - block: Set same_page to false in __bio_try_merge_page if ret is false (git-fixes). - Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb (git-fixes). - Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes). - Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes). - Bluetooth: Only mark socket zapped after unlocking (git-fixes). - bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (git-fixes). - bonding: show saner speed for broadcast mode (networking-stable-20_08_24). - brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes). - brcmfmac: check ndev pointer (git-fixes). - brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes). - btrfs: Account for merged patches upstream Move below patches to sorted section. - btrfs: add owner and fs_info to alloc_state io_tree (bsc#1177854). - btrfs: allocate scrub workqueues outside of locks (bsc#1178183). - btrfs: cleanup cow block on error (bsc#1178584). - btrfs: do not force read-only after error in drop snapshot (bsc#1176354). - btrfs: drop path before adding new uuid tree entry (bsc#1178176). - btrfs: fix filesystem corruption after a device replace (bsc#1178395). - btrfs: fix NULL pointer dereference after failure to create snapshot (bsc#1178190). - btrfs: fix overflow when copying corrupt csums for a message (bsc#1178191). - btrfs: fix space cache memory leak after transaction abort (bsc#1178173). - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1178395). - btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1178395). - btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856). - btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855). - btrfs: reschedule if necessary when logging directory items (bsc#1178585). - btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579). - btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581). - btrfs: set the correct lockdep class for new nodes (bsc#1178184). - btrfs: set the lockdep class for log tree extent buffers (bsc#1178186). - btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes). - can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes). - can: flexcan: remove ack_grp and ack_bit handling from driver (git-fixes). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes). - ceph: promote to unsigned long long before shifting (bsc#1178175). - clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes). - clk: at91: remove the checking of parent_name (git-fixes). - clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes). - clk: imx8mq: Fix usdhc parents order (git-fixes). - clk: keystone: sci-clk: fix parsing assigned-clock data during probe (git-fixes). - clk: meson: g12a: mark fclk_div2 as critical (git-fixes). - clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes). - crypto: ccp - fix error handling (git-fixes). - cxgb4: fix memory leak during module unload (networking-stable-20_09_24). - cxgb4: Fix offset when clearing filter byte counters (networking-stable-20_09_24). - cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes). - dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX (bsc#1177817). - Disable module compression on SLE15 SP2 (bsc#1178307) - dma-direct: add missing set_memory_decrypted() for coherent mapping (bsc#1175898, ECO-2743). - dma-direct: always align allocation size in dma_direct_alloc_pages() (bsc#1175898, ECO-2743). - dma-direct: atomic allocations must come from atomic coherent pools (bsc#1175898, ECO-2743). - dma-direct: check return value when encrypting or decrypting memory (bsc#1175898, ECO-2743). - dma-direct: consolidate the error handling in dma_direct_alloc_pages (bsc#1175898, ECO-2743). - dma-direct: make uncached_kernel_address more general (bsc#1175898, ECO-2743). - dma-direct: provide function to check physical memory area validity (bsc#1175898, ECO-2743). - dma-direct: provide mmap and get_sgtable method overrides (bsc#1175898, ECO-2743). - dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails (bsc#1175898, ECO-2743). - dma-direct: remove __dma_direct_free_pages (bsc#1175898, ECO-2743). - dma-direct: remove the dma_handle argument to __dma_direct_alloc_pages (bsc#1175898, ECO-2743). - dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes). - dmaengine: dmatest: Check list for emptiness before access its last entry (git-fixes). - dmaengine: dw: Activate FIFO-mode for memory peripherals only (git-fixes). - dma-mapping: add a dma_can_mmap helper (bsc#1175898, ECO-2743). - dma-mapping: always use VM_DMA_COHERENT for generic DMA remap (bsc#1175898, ECO-2743). - dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR (bsc#1175898, ECO-2743). - dma-mapping: make dma_atomic_pool_init self-contained (bsc#1175898, ECO-2743). - dma-mapping: merge the generic remapping helpers into dma-direct (bsc#1175898, ECO-2743). - dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898, ECO-2743). - dma-mapping: warn when coherent pool is depleted (bsc#1175898, ECO-2743). - dma-pool: add additional coherent pools to map to gfp mask (bsc#1175898, ECO-2743). - dma-pool: add pool sizes to debugfs (bsc#1175898, ECO-2743). - dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL (bsc#1175898, ECO-2743). - dma-pool: do not allocate pool memory from CMA (bsc#1175898, ECO-2743). - dma-pool: dynamically expanding atomic pools (bsc#1175898, ECO-2743). - dma-pool: Fix an uninitialized variable bug in atomic_pool_expand() (bsc#1175898, ECO-2743). - dma-pool: fix coherent pool allocations for IOMMU mappings (bsc#1175898, ECO-2743). - dma-pool: fix too large DMA pools on medium memory size systems (bsc#1175898, ECO-2743). - dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898, ECO-2743). - dma-pool: introduce dma_guess_pool() (bsc#1175898, ECO-2743). - dma-pool: make sure atomic pool suits device (bsc#1175898, ECO-2743). - dma-pool: Only allocate from CMA when in same memory zone (bsc#1175898, ECO-2743). - dma-pool: scale the default DMA coherent pool size with memory capacity (bsc#1175898, ECO-2743). - dma-remap: separate DMA atomic pools from direct remap code (bsc#1175898, ECO-2743). - dm: Call proper helper to determine dax support (bsc#1177817). - dm/dax: Fix table reference counts (bsc#1178246). - docs: driver-api: remove a duplicated index entry (git-fixes). - drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes). - EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1152489). - eeprom: at25: set minimum read/write access stride to 1 (git-fixes). - exfat: fix name_hash computation on big endian systems (git-fixes). - exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes). - exfat: fix possible memory leak in exfat_find() (git-fixes). - exfat: fix use of uninitialized spinlock on error path (git-fixes). - exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes). - exfat: fix wrong size update of stream entry by typo (git-fixes). - extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips (git-fixes). - futex: Adjust absolute futex timeouts with per time namespace offset (bsc#1164648). - futex: Consistently use fshared as boolean (bsc#1149032). - futex: Fix incorrect should_fail_futex() handling (bsc#1149032). - futex: Remove put_futex_key() (bsc#1149032). - futex: Remove unused or redundant includes (bsc#1149032). - gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24). - gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11). - HID: hid-input: fix stylus battery reporting (git-fixes). - HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes). - HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes). - HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs (git-fixes). - i2c: imx: Fix external abort on interrupt in exit paths (git-fixes). - i2c: rcar: Auto select RESET_CONTROLLER (git-fixes). - i3c: master add i3c_master_attach_boardinfo to preserve boardinfo (git-fixes). - i3c: master: Fix error return in cdns_i3c_master_probe() (git-fixes). - ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897). - ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes). - ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes). - ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes). - ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes). - icmp: randomize the global rate limiter (git-fixes). - ida: Free allocated bitmap in error path (git-fixes). - iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes). - iio: adc: gyroadc: fix leak of device node iterator (git-fixes). - iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling (git-fixes). - iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes). - iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes). - iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes). - iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes). - iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes). - iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes). - ima: Do not ignore errors from crypto_shash_update() (git-fixes). - ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes). - Input: ati_remote2 - add missing newlines when printing module parameters (git-fixes). - Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes). - Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes). - Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes). - Input: stmfts - fix a & vs && typo (git-fixes). - Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes). - Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes). - iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754). - iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1177739). - ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24). - ipmi_si: Fix wrong return value in try_smi_init() (git-fixes). - ipv4: Initialize flowi4_multipath_hash in data path (networking-stable-20_09_24). - ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes). - ipv4: Update exception handling for multipath routes via same device (networking-stable-20_09_24). - ipv6: avoid lockdep issue in fib6_del() (networking-stable-20_09_24). - ipv6: Fix sysctl max for fib_multipath_hash_policy (networking-stable-20_09_11). - ipvlan: fix device features (networking-stable-20_08_24). - iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes). - kABI: Fix kABI after add CodeSigning extended key usage (bsc#1177353). - kallsyms: Refactor kallsyms_show_value() to take cred (git-fixes). - kbuild: enforce -Werror=return-type (bsc#1177281). - KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (git-fixes). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - leds: mt6323: move period calculation (git-fixes). - libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178177). - lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes). - mac80211: handle lack of sband->bitrates in rates (git-fixes). - mailbox: avoid timer start from callback (git-fixes). - media: ati_remote: sanity check for both endpoints (git-fixes). - media: bdisp: Fix runtime PM imbalance on error (git-fixes). - media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes). - media: exynos4-is: Fix a reference count leak (git-fixes). - media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes). - media: firewire: fix memory leak (git-fixes). - media: i2c: ov5640: Enable data pins on poweron for DVP mode (git-fixes). - media: i2c: ov5640: Remain in power down for DVP mode unless streaming (git-fixes). - media: i2c: ov5640: Separate out mipi configuration from s_power (git-fixes). - media: imx274: fix frame interval handling (git-fixes). - media: media/pci: prevent memory leak in bttv_probe (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes). - media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes). - media: rcar_drif: Allocate v4l2_async_subdev dynamically (git-fixes). - media: rcar_drif: Fix fwnode reference leak when parsing DT (git-fixes). - media: saa7134: avoid a shift overflow (git-fixes). - media: st-delta: Fix reference count leak in delta_run_work (git-fixes). - media: sti: Fix reference count leaks (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes). - media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes). - media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes). - media: venus: core: Fix runtime PM imbalance in venus_probe (git-fixes). - media: vsp1: Fix runtime PM imbalance on error (git-fixes). - memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes). - memory: omap-gpmc: Fix a couple off by ones (git-fixes). - memory: omap-gpmc: Fix build error without CONFIG_OF (git-fixes). - mfd: sm501: Fix leaks in probe() (git-fixes). - mic: vop: copy data to kernel space then write to io memory (git-fixes). - misc: mic: scif: Fix error handling path (git-fixes). - misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes). - misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes). - mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes). - mm: do not panic when links can't be created in sysfs (bsc#1178002). - mm: do not rely on system state to detect hot-plug operations (bsc#1178002). - mm: fix a race during THP splitting (bsc#1178255). - mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)). - mm: madvise: fix vma user-after-free (git-fixes). - mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)). - mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)). - mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)). - mm: replace memmap_context by meminit_context (bsc#1178002). - mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)). - mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes). - mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)). - module: Correctly truncate sysfs sections output (git-fixes). - module: Do not expose section addresses to non-CAP_SYSLOG (git-fixes). - module: Refactor section attr into bin attribute (git-fixes). - module: statically initialize init section freeing data (git-fixes). - Move upstreamed BT patch into sorted section - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes). - mtd: lpddr: fix excessive stack usage with clang (git-fixes). - mtd: mtdoops: Do not write panic data twice (git-fixes). - mtd: rawnand: stm32_fmc2: fix a buffer overflow (git-fixes). - mtd: rawnand: vf610: disable clk on error handling path in probe (git-fixes). - mtd: spinand: gigadevice: Add QE Bit (git-fixes). - mtd: spinand: gigadevice: Only one dummy byte in QUADIO (git-fixes). - mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes). - mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes). - mwifiex: fix double free (git-fixes). - mwifiex: remove function pointer check (git-fixes). - mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes). - net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU (networking-stable-20_09_24). - net/core: check length before updating Ethertype in skb_mpls_{push,pop} (git-fixes). - net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (networking-stable-20_09_24). - net: disable netpoll on fresh napis (networking-stable-20_09_11). - net: dsa: b53: check for timeout (networking-stable-20_08_24). - net: dsa: rtl8366: Properly clear member config (networking-stable-20_09_24). - net: fec: correct the error path for regulator disable in probe (networking-stable-20_08_24). - net: Fix bridge enslavement failure (networking-stable-20_09_24). - net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24). - net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11). - net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24). - netlabel: fix problems with mapping removal (networking-stable-20_09_11). - net: lantiq: Disable IRQs only if NAPI gets scheduled (networking-stable-20_09_24). - net: lantiq: Use napi_complete_done() (networking-stable-20_09_24). - net: lantiq: use netif_tx_napi_add() for TX NAPI (networking-stable-20_09_24). - net: lantiq: Wake TX queue again (networking-stable-20_09_24). - net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported (networking-stable-20_09_24). - net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported (networking-stable-20_09_24). - net/mlx5: Fix FTE cleanup (networking-stable-20_09_24). - net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461). - net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24). - net: phy: Do not warn in phy_stop() on PHY_DOWN (networking-stable-20_09_24). - net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24). - net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow (networking-stable-20_08_24). - net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant (networking-stable-20_09_24). - net: sctp: Fix negotiation of the number of data streams (networking-stable-20_08_24). - net/smc: Prevent kernel-infoleak in __smc_diag_dump() (networking-stable-20_08_24). - net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11). - net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11). - net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes). - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes). - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes). - nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes). - nfp: use correct define to return NONE fec (networking-stable-20_09_24). - nl80211: fix non-split wiphy information (git-fixes). - NTB: hw: amd: fix an issue about leak system resources (git-fixes). - ntb: intel: Fix memleak in intel_ntb_pci_probe (git-fixes). - nvme-rdma: fix crash due to incorrect cqe (bsc#1174748). - nvme-rdma: fix crash when connect rejected (bsc#1174748). - overflow: Include header file with SIZE_MAX declaration (git-fixes). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI: aardvark: Check for errors from pci_bridge_emul_init() call (git-fixes). - PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes). - percpu: fix first chunk size calculation for populated bitmap (git-fixes (mm/percpu)). - perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1152489). - perf/x86: Fix n_pair for cancelled txn (bsc#1152489). - pinctrl: mcp23s08: Fix mcp23x17 precious range (git-fixes). - pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser (git-fixes). - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification. - PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification (bsc#1177353). - platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes). - PM: hibernate: Batch hibernate and resume IO requests (bsc#1178079). - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes). - PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes). - powerpc/book3s64/radix: Make radix_mem_block_size 64bit (bsc#1055186 ltc#153436 git-fixes). - powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729). - powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729). - powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729). - powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729). - powerpc/papr_scm: Fix warning triggered by perf_stats_show() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). - powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729). - powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729). - powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729). - powerpc/pseries: Avoid using addr_to_pfn in real mode (jsc#SLE-9246 git-fixes). - powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes). - powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729). - power: supply: bq27xxx: report 'not charging' on all types (git-fixes). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - pwm: img: Fix null pointer access in probe (git-fixes). - pwm: lpss: Add range limit check for the base_unit register value (git-fixes). - pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes). - qtnfmac: fix resource leaks on unsupported iftype error return path (git-fixes). - r8169: fix issue with forced threading in combination with shared interrupts (git-fixes). - r8169: fix operation under forced interrupt threading (git-fixes). - rapidio: fix the missed put_device() for rio_mport_add_riodev (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - reset: sti: reset-syscfg: fix struct description warnings (git-fixes). - ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes). - rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592) - rtc: rx8010: do not modify the global rtc ops (git-fixes). - rtl8xxxu: prevent potential memory leak (git-fixes). - rtw88: increse the size of rx buffer size (git-fixes). - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177799 LTC#188733). - s390/dasd: Fix zero write for FBA devices (bsc#1177801 LTC#188735). - scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729). - scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226). - scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA allocations (bsc#1175898, ECO-2743). - sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11). - selftests/timers: Turn off timeout setting (git-fixes). - serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes). - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes). - slimbus: core: check get_addr before removing laddr ida (git-fixes). - slimbus: core: do not enter to clock pause mode in core (git-fixes). - slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback (git-fixes). - soc: fsl: qbman: Fix return value on success (git-fixes). - spi: spi-s3c64xx: Check return values (git-fixes). - spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() (git-fixes). - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - staging: rtl8192u: Do not use GFP_KERNEL in atomic context (git-fixes). - taprio: Fix allowing too small intervals (networking-stable-20_09_24). - time: Prevent undefined behaviour in timespec64_to_ns() (bsc#1164648). - tipc: fix memory leak caused by tipc_buf_append() (git-fixes). - tipc: Fix memory leak in tipc_group_create_member() (networking-stable-20_09_24). - tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11). - tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24). - tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes). - tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24). - tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24). - tracing: Check return value of __create_val_fields() before using its result (git-fixes). - tracing: Save normal string variables (git-fixes). - tty: ipwireless: fix error handling (git-fixes). - tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes). - uio: free uio id after uio file node is freed (git-fixes). - USB: adutux: fix debugging (git-fixes). - usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes). - usb: cdc-acm: fix cooldown mechanism (git-fixes). - USB: cdc-acm: handle broken union descriptors (git-fixes). - USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes). - usb: core: Solve race condition in anchor cleanup functions (git-fixes). - usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes). - usb: dwc2: Fix parameter type in function pointer prototype (git-fixes). - usb: dwc3: core: add phy cleanup for probe error handling (git-fixes). - usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes). - usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes). - usb: dwc3: gadget: Resume pending requests after CLEAR_STALL (git-fixes). - usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM functionality (git-fixes). - usb: dwc3: simple: add support for Hikey 970 (git-fixes). - usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes). - usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes). - usb: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes). - usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes). - usblp: fix race between disconnect() and read() (git-fixes). - usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - usb: ohci: Default to per-port over-current protection (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - USB: serial: qcserial: fix altsetting probing (git-fixes). - usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - usb: xhci-mtk: Fix typo (git-fixes). - usb: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - VMCI: check return value of get_user_pages_fast() for errors (git-fixes). - w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes). - watchdog: Fix memleak in watchdog_cdev_register (git-fixes). - watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 (git-fixes). - watchdog: Use put_device on error (git-fixes). - wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1177755). - writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755). - writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755). - X.509: Add CodeSigning extended key usage parsing (bsc#1177353). - x86/alternative: Do not call text_poke() in lazy TLB mode (bsc#1175749). - x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1152489). - x86/ioapic: Unbreak check_timer() (bsc#1152489). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1177765). - x86/mm: unencrypted non-blocking DMA allocations use coherent pools (bsc#1175898, ECO-2743). - x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713). - xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411). - xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411). - xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410). - xen/events: block rogue events for some time (XSA-332 bsc#1177411). - xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411). - xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411). - xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411). - xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411). - xen/gntdev.c: Mark pages as dirty (bsc#1065600). - xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/pvcallsback: use lateeoi irq binding (XSA-332 bsc#1177411). - xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411). - xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix high key handling in the rt allocator's query_range function (git-fixes). - xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes). - xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: force the log after remapping a synchronous-writes file (git-fixes). - xfs: introduce XFS_MAX_FILEOFF (bsc#1166166). - xfs: limit entries returned when counting fsmap records (git-fixes). - xfs: remove unused variable 'done' (bsc#1166166). - xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes). - xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166). - xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes).

Patchnames

openSUSE-2020-1906

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for the Linux Kernel",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "\n\nThe openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter()  (bsc#1178393).\n- CVE-2020-25668: Make FONTX ioctl use the tty pointer they were actually passed (bsc#1178123).\n- CVE-2020-25656: Extend func_buf_lock to readers (bnc#1177766).\n- CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812 (bnc#1176485).\n- CVE-2020-14351: Fixed race in the perf_mmap_close() function  (bsc#1177086).\n- CVE-2020-8694: Restrict energy meter to root access (bsc#1170415).\n- CVE-2020-16120: Check permission to open real file in overlayfs (bsc#1177470).\n- CVE-2020-25705: A ICMP global rate limiting side-channel was removed which could lead to e.g. the SADDNS attack (bsc#1175721)\n\nThe following non-security bugs were fixed:\n\n- ACPI: Always build evged in (git-fixes).\n- ACPI: button: fix handling lid state changes when input device closed (git-fixes).\n- ACPI: configfs: Add missing config_item_put() to fix refcount leak (git-fixes).\n- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).\n- ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).\n- ACPI / extlog: Check for RDMSR failure (git-fixes).\n- ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).\n- act_ife: load meta modules before tcf_idr_check_alloc() (networking-stable-20_09_24).\n- Add CONFIG_CHECK_CODESIGN_EKU\n- ALSA: ac97: (cosmetic) align argument names (git-fixes).\n- ALSA: aoa: i2sbus: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).\n- ALSA: asihpi: fix spellint typo in comments (git-fixes).\n- ALSA: atmel: ac97: clarify operator precedence (git-fixes).\n- ALSA: bebob: potential info leak in hwdep_read() (git-fixes).\n- ALSA: compress_offload: remove redundant initialization (git-fixes).\n- ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).\n- ALSA: core: pcm: simplify locking for timers (git-fixes).\n- ALSA: core: timer: clarify operator precedence (git-fixes).\n- ALSA: core: timer: remove redundant assignment (git-fixes).\n- ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes).\n- ALSA: fireworks: use semicolons rather than commas to separate statements (git-fixes).\n- ALSA: fix kernel-doc markups (git-fixes).\n- ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).\n- ALSA: hda: (cosmetic) align function parameters (git-fixes).\n- ALSA: hda - Do not register a cb func if it is registered already (git-fixes).\n- ALSA: hda - Fix the return value if cb func is already registered (git-fixes).\n- ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close (git-fixes).\n- ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).\n- ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes).\n- ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes).\n- ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).\n- ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes).\n- ALSA: hda/realtek - set mic to auto detect on a HP AIO machine (git-fixes).\n- ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes).\n- ALSA: hda: use semicolons rather than commas to separate statements (git-fixes).\n- ALSA: hdspm: Fix typo arbitary (git-fixes).\n- ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).\n- ALSA: portman2x4: fix repeated word 'if' (git-fixes).\n- ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).\n- ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).\n- ALSA: sparc: dbri: fix repeated word 'the' (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n- ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).\n- ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).\n- ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).\n- ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes).\n- ALSA: usb-audio: Line6 Pod Go interface requires static clock rate quirk (git-fixes).\n- ALSA: usb: scarless_gen2: fix endianness issue (git-fixes).\n- ALSA: vx: vx_core: clarify operator precedence (git-fixes).\n- ALSA: vx: vx_pcm: remove redundant assignment (git-fixes).\n- ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).\n- ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n- ASoC: fsl: imx-es8328: add missing put_device() call in imx_es8328_probe() (git-fixes).\n- ASoC: fsl_sai: Instantiate snd_soc_dai_driver (git-fixes).\n- ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes).\n- ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).\n- ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n- ASoC: qcom: sdm845: set driver name correctly (git-fixes).\n- ASoC: sun50i-codec-analog: Fix duplicate use of ADC enable bits (git-fixes).\n- ASoC: tlv320aic32x4: Fix bdiv clock rate derivation (git-fixes).\n- ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n- ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes).\n- ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes).\n- ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).\n- ath10k: provide survey info as accumulated data (git-fixes).\n- ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).\n- ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes).\n- ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() (git-fixes).\n- ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes).\n- ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes).\n- ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n- backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes).\n- blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750).\n- block: ensure bdi->io_pages is always initialized (bsc#1177749).\n- block: Fix page_is_mergeable() for compound pages (bsc#1177814).\n- block: Set same_page to false in __bio_try_merge_page if ret is false (git-fixes).\n- Bluetooth: btusb: Fix memleak in btusb_mtk_submit_wmt_recv_urb (git-fixes).\n- Bluetooth: hci_uart: Cancel init work before unregistering (git-fixes).\n- Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).\n- Bluetooth: Only mark socket zapped after unlocking (git-fixes).\n- bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (git-fixes).\n- bonding: show saner speed for broadcast mode (networking-stable-20_08_24).\n- brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).\n- brcmfmac: check ndev pointer (git-fixes).\n- brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).\n- btrfs: Account for merged patches upstream Move below patches to sorted section.\n- btrfs: add owner and fs_info to alloc_state io_tree (bsc#1177854).\n- btrfs: allocate scrub workqueues outside of locks (bsc#1178183).\n- btrfs: cleanup cow block on error (bsc#1178584).\n- btrfs: do not force read-only after error in drop snapshot (bsc#1176354).\n- btrfs: drop path before adding new uuid tree entry (bsc#1178176).\n- btrfs: fix filesystem corruption after a device replace (bsc#1178395).\n- btrfs: fix NULL pointer dereference after failure to create snapshot (bsc#1178190).\n- btrfs: fix overflow when copying corrupt csums for a message (bsc#1178191).\n- btrfs: fix space cache memory leak after transaction abort (bsc#1178173).\n- btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1178395).\n- btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1178395).\n- btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856).\n- btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).\n- btrfs: reschedule if necessary when logging directory items (bsc#1178585).\n- btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579).\n- btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581).\n- btrfs: set the correct lockdep class for new nodes (bsc#1178184).\n- btrfs: set the lockdep class for log tree extent buffers (bsc#1178186).\n- btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861).\n- can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes).\n- can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes).\n- can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).\n- can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).\n- can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes).\n- can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).\n- can: flexcan: remove ack_grp and ack_bit handling from driver (git-fixes).\n- can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes).\n- can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).\n- can: peak_usb: add range checking in decode operations (git-fixes).\n- can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).\n- can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).\n- can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes).\n- ceph: promote to unsigned long long before shifting (bsc#1178175).\n- clk: at91: clk-main: update key before writing AT91_CKGR_MOR (git-fixes).\n- clk: at91: remove the checking of parent_name (git-fixes).\n- clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes).\n- clk: imx8mq: Fix usdhc parents order (git-fixes).\n- clk: keystone: sci-clk: fix parsing assigned-clock data during probe (git-fixes).\n- clk: meson: g12a: mark fclk_div2 as critical (git-fixes).\n- clk: qcom: gcc-sdm660: Fix wrong parent_map (git-fixes).\n- crypto: ccp - fix error handling (git-fixes).\n- cxgb4: fix memory leak during module unload (networking-stable-20_09_24).\n- cxgb4: Fix offset when clearing filter byte counters (networking-stable-20_09_24).\n- cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).\n- dax: Fix compilation for CONFIG_DAX && !CONFIG_FS_DAX (bsc#1177817).\n- Disable module compression on SLE15 SP2 (bsc#1178307)\n- dma-direct: add missing set_memory_decrypted() for coherent mapping (bsc#1175898, ECO-2743).\n- dma-direct: always align allocation size in dma_direct_alloc_pages() (bsc#1175898, ECO-2743).\n- dma-direct: atomic allocations must come from atomic coherent pools (bsc#1175898, ECO-2743).\n- dma-direct: check return value when encrypting or decrypting memory (bsc#1175898, ECO-2743).\n- dma-direct: consolidate the error handling in dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n- dma-direct: make uncached_kernel_address more general (bsc#1175898, ECO-2743).\n- dma-direct: provide function to check physical memory area validity (bsc#1175898, ECO-2743).\n- dma-direct: provide mmap and get_sgtable method overrides (bsc#1175898, ECO-2743).\n- dma-direct: re-encrypt memory if dma_direct_alloc_pages() fails (bsc#1175898, ECO-2743).\n- dma-direct: remove __dma_direct_free_pages (bsc#1175898, ECO-2743).\n- dma-direct: remove the dma_handle argument to __dma_direct_alloc_pages (bsc#1175898, ECO-2743).\n- dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).\n- dmaengine: dmatest: Check list for emptiness before access its last entry (git-fixes).\n- dmaengine: dw: Activate FIFO-mode for memory peripherals only (git-fixes).\n- dma-mapping: add a dma_can_mmap helper (bsc#1175898, ECO-2743).\n- dma-mapping: always use VM_DMA_COHERENT for generic DMA remap (bsc#1175898, ECO-2743).\n- dma-mapping: DMA_COHERENT_POOL should select GENERIC_ALLOCATOR (bsc#1175898, ECO-2743).\n- dma-mapping: make dma_atomic_pool_init self-contained (bsc#1175898, ECO-2743).\n- dma-mapping: merge the generic remapping helpers into dma-direct (bsc#1175898, ECO-2743).\n- dma-mapping: remove arch_dma_mmap_pgprot (bsc#1175898, ECO-2743).\n- dma-mapping: warn when coherent pool is depleted (bsc#1175898, ECO-2743).\n- dma-pool: add additional coherent pools to map to gfp mask (bsc#1175898, ECO-2743).\n- dma-pool: add pool sizes to debugfs (bsc#1175898, ECO-2743).\n- dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL (bsc#1175898, ECO-2743).\n- dma-pool: do not allocate pool memory from CMA (bsc#1175898, ECO-2743).\n- dma-pool: dynamically expanding atomic pools (bsc#1175898, ECO-2743).\n- dma-pool: Fix an uninitialized variable bug in atomic_pool_expand() (bsc#1175898, ECO-2743).\n- dma-pool: fix coherent pool allocations for IOMMU mappings (bsc#1175898, ECO-2743).\n- dma-pool: fix too large DMA pools on medium memory size systems (bsc#1175898, ECO-2743).\n- dma-pool: get rid of dma_in_atomic_pool() (bsc#1175898, ECO-2743).\n- dma-pool: introduce dma_guess_pool() (bsc#1175898, ECO-2743).\n- dma-pool: make sure atomic pool suits device (bsc#1175898, ECO-2743).\n- dma-pool: Only allocate from CMA when in same memory zone (bsc#1175898, ECO-2743).\n- dma-pool: scale the default DMA coherent pool size with memory capacity (bsc#1175898, ECO-2743).\n- dma-remap: separate DMA atomic pools from direct remap code (bsc#1175898, ECO-2743).\n- dm: Call proper helper to determine dax support (bsc#1177817).\n- dm/dax: Fix table reference counts (bsc#1178246).\n- docs: driver-api: remove a duplicated index entry (git-fixes).\n- drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).\n- EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1152489).\n- eeprom: at25: set minimum read/write access stride to 1 (git-fixes).\n- exfat: fix name_hash computation on big endian systems (git-fixes).\n- exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).\n- exfat: fix possible memory leak in exfat_find() (git-fixes).\n- exfat: fix use of uninitialized spinlock on error path (git-fixes).\n- exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes).\n- exfat: fix wrong size update of stream entry by typo (git-fixes).\n- extcon: ptn5150: Fix usage of atomic GPIO with sleeping GPIO chips (git-fixes).\n- futex: Adjust absolute futex timeouts with per time namespace offset (bsc#1164648).\n- futex: Consistently use fshared as boolean (bsc#1149032).\n- futex: Fix incorrect should_fail_futex() handling (bsc#1149032).\n- futex: Remove put_futex_key() (bsc#1149032).\n- futex: Remove unused or redundant includes (bsc#1149032).\n- gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24).\n- gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11).\n- HID: hid-input: fix stylus battery reporting (git-fixes).\n- HID: ite: Add USB id match for Acer One S1003 keyboard dock (git-fixes).\n- HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes).\n- HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes).\n- hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).\n- i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs (git-fixes).\n- i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).\n- i2c: rcar: Auto select RESET_CONTROLLER (git-fixes).\n- i3c: master add i3c_master_attach_boardinfo to preserve boardinfo (git-fixes).\n- i3c: master: Fix error return in cdns_i3c_master_probe() (git-fixes).\n- ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).\n- ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).\n- ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).\n- ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes).\n- ibmvnic: set up 200GBPS speed (bsc#1129923 git-fixes).\n- icmp: randomize the global rate limiter (git-fixes).\n- ida: Free allocated bitmap in error path (git-fixes).\n- iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes).\n- iio: adc: gyroadc: fix leak of device node iterator (git-fixes).\n- iio: adc: stm32-adc: fix runtime autosuspend delay when slow polling (git-fixes).\n- iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).\n- iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).\n- iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).\n- iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes).\n- iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes).\n- iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes).\n- ima: Do not ignore errors from crypto_shash_update() (git-fixes).\n- ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes).\n- Input: ati_remote2 - add missing newlines when printing module parameters (git-fixes).\n- Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes).\n- Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes).\n- Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes).\n- Input: stmfts - fix a & vs && typo (git-fixes).\n- Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).\n- Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes).\n- iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).\n- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (bsc#1177739).\n- ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24).\n- ipmi_si: Fix wrong return value in try_smi_init() (git-fixes).\n- ipv4: Initialize flowi4_multipath_hash in data path (networking-stable-20_09_24).\n- ipv4: Restore flowi4_oif update before call to xfrm_lookup_route (git-fixes).\n- ipv4: Update exception handling for multipath routes via same device (networking-stable-20_09_24).\n- ipv6: avoid lockdep issue in fib6_del() (networking-stable-20_09_24).\n- ipv6: Fix sysctl max for fib_multipath_hash_policy (networking-stable-20_09_11).\n- ipvlan: fix device features (networking-stable-20_08_24).\n- iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).\n- kABI: Fix kABI after add CodeSigning extended key usage (bsc#1177353).\n- kallsyms: Refactor kallsyms_show_value() to take cred (git-fixes).\n- kbuild: enforce -Werror=return-type (bsc#1177281).\n- KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages (git-fixes).\n- leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).\n- leds: mt6323: move period calculation (git-fixes).\n- libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178177).\n- lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).\n- mac80211: handle lack of sband->bitrates in rates (git-fixes).\n- mailbox: avoid timer start from callback (git-fixes).\n- media: ati_remote: sanity check for both endpoints (git-fixes).\n- media: bdisp: Fix runtime PM imbalance on error (git-fixes).\n- media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes).\n- media: exynos4-is: Fix a reference count leak (git-fixes).\n- media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes).\n- media: firewire: fix memory leak (git-fixes).\n- media: i2c: ov5640: Enable data pins on poweron for DVP mode (git-fixes).\n- media: i2c: ov5640: Remain in power down for DVP mode unless streaming (git-fixes).\n- media: i2c: ov5640: Separate out mipi configuration from s_power (git-fixes).\n- media: imx274: fix frame interval handling (git-fixes).\n- media: media/pci: prevent memory leak in bttv_probe (git-fixes).\n- media: platform: Improve queue set up flow for bug fixing (git-fixes).\n- media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).\n- media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).\n- media: rcar_drif: Allocate v4l2_async_subdev dynamically (git-fixes).\n- media: rcar_drif: Fix fwnode reference leak when parsing DT (git-fixes).\n- media: saa7134: avoid a shift overflow (git-fixes).\n- media: st-delta: Fix reference count leak in delta_run_work (git-fixes).\n- media: sti: Fix reference count leaks (git-fixes).\n- media: tw5864: check status of tw5864_frameinterval_get (git-fixes).\n- media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).\n- media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes).\n- media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes).\n- media: venus: core: Fix runtime PM imbalance in venus_probe (git-fixes).\n- media: vsp1: Fix runtime PM imbalance on error (git-fixes).\n- memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes).\n- memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n- memory: omap-gpmc: Fix build error without CONFIG_OF (git-fixes).\n- mfd: sm501: Fix leaks in probe() (git-fixes).\n- mic: vop: copy data to kernel space then write to io memory (git-fixes).\n- misc: mic: scif: Fix error handling path (git-fixes).\n- misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).\n- misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes).\n- mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).\n- mm: do not panic when links can't be created in sysfs (bsc#1178002).\n- mm: do not rely on system state to detect hot-plug operations (bsc#1178002).\n- mm: fix a race during THP splitting (bsc#1178255).\n- mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).\n- mm: madvise: fix vma user-after-free (git-fixes).\n- mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)).\n- mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)).\n- mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)).\n- mm: replace memmap_context by meminit_context (bsc#1178002).\n- mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).\n- mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes).\n- mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)).\n- module: Correctly truncate sysfs sections output (git-fixes).\n- module: Do not expose section addresses to non-CAP_SYSLOG (git-fixes).\n- module: Refactor section attr into bin attribute (git-fixes).\n- module: statically initialize init section freeing data (git-fixes).\n- Move upstreamed BT patch into sorted section\n- mtd: lpddr: Fix bad logic in print_drs_error (git-fixes).\n- mtd: lpddr: fix excessive stack usage with clang (git-fixes).\n- mtd: mtdoops: Do not write panic data twice (git-fixes).\n- mtd: rawnand: stm32_fmc2: fix a buffer overflow (git-fixes).\n- mtd: rawnand: vf610: disable clk on error handling path in probe (git-fixes).\n- mtd: spinand: gigadevice: Add QE Bit (git-fixes).\n- mtd: spinand: gigadevice: Only one dummy byte in QUADIO (git-fixes).\n- mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).\n- mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).\n- mwifiex: fix double free (git-fixes).\n- mwifiex: remove function pointer check (git-fixes).\n- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n- net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU (networking-stable-20_09_24).\n- net/core: check length before updating Ethertype in skb_mpls_{push,pop} (git-fixes).\n- net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (networking-stable-20_09_24).\n- net: disable netpoll on fresh napis (networking-stable-20_09_11).\n- net: dsa: b53: check for timeout (networking-stable-20_08_24).\n- net: dsa: rtl8366: Properly clear member config (networking-stable-20_09_24).\n- net: fec: correct the error path for regulator disable in probe (networking-stable-20_08_24).\n- net: Fix bridge enslavement failure (networking-stable-20_09_24).\n- net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24).\n- net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).\n- net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24).\n- netlabel: fix problems with mapping removal (networking-stable-20_09_11).\n- net: lantiq: Disable IRQs only if NAPI gets scheduled (networking-stable-20_09_24).\n- net: lantiq: Use napi_complete_done() (networking-stable-20_09_24).\n- net: lantiq: use netif_tx_napi_add() for TX NAPI (networking-stable-20_09_24).\n- net: lantiq: Wake TX queue again (networking-stable-20_09_24).\n- net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported (networking-stable-20_09_24).\n- net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported (networking-stable-20_09_24).\n- net/mlx5: Fix FTE cleanup (networking-stable-20_09_24).\n- net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461).\n- net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24).\n- net: phy: Do not warn in phy_stop() on PHY_DOWN (networking-stable-20_09_24).\n- net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24).\n- net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow (networking-stable-20_08_24).\n- net: sctp: Fix IPv6 ancestor_size calc in sctp_copy_descendant (networking-stable-20_09_24).\n- net: sctp: Fix negotiation of the number of data streams (networking-stable-20_08_24).\n- net/smc: Prevent kernel-infoleak in __smc_diag_dump() (networking-stable-20_08_24).\n- net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11).\n- net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11).\n- net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).\n- net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes).\n- net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes).\n- nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes).\n- nfp: use correct define to return NONE fec (networking-stable-20_09_24).\n- nl80211: fix non-split wiphy information (git-fixes).\n- NTB: hw: amd: fix an issue about leak system resources (git-fixes).\n- ntb: intel: Fix memleak in intel_ntb_pci_probe (git-fixes).\n- nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n- nvme-rdma: fix crash when connect rejected (bsc#1174748).\n- overflow: Include header file with SIZE_MAX declaration (git-fixes).\n- p54: avoid accessing the data mapped to streaming DMA (git-fixes).\n- PCI: aardvark: Check for errors from pci_bridge_emul_init() call (git-fixes).\n- PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes).\n- percpu: fix first chunk size calculation for populated bitmap (git-fixes (mm/percpu)).\n- perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1152489).\n- perf/x86: Fix n_pair for cancelled txn (bsc#1152489).\n- pinctrl: mcp23s08: Fix mcp23x17 precious range (git-fixes).\n- pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser (git-fixes).\n- PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification.\n- PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification (bsc#1177353).\n- platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).\n- PM: hibernate: Batch hibernate and resume IO requests (bsc#1178079).\n- PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).\n- PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes).\n- powerpc/book3s64/radix: Make radix_mem_block_size 64bit (bsc#1055186 ltc#153436 git-fixes).\n- powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729).\n- powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).\n- powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729).\n- powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).\n- powerpc/papr_scm: Fix warning triggered by perf_stats_show() (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).\n- powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).\n- powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).\n- powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729).\n- powerpc/pseries: Avoid using addr_to_pfn in real mode (jsc#SLE-9246 git-fixes).\n- powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes).\n- powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729).\n- power: supply: bq27xxx: report 'not charging' on all types (git-fixes).\n- power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).\n- pwm: img: Fix null pointer access in probe (git-fixes).\n- pwm: lpss: Add range limit check for the base_unit register value (git-fixes).\n- pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes).\n- qtnfmac: fix resource leaks on unsupported iftype error return path (git-fixes).\n- r8169: fix issue with forced threading in combination with shared interrupts (git-fixes).\n- r8169: fix operation under forced interrupt threading (git-fixes).\n- rapidio: fix the missed put_device() for rio_mport_add_riodev (git-fixes).\n- regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).\n- reset: sti: reset-syscfg: fix struct description warnings (git-fixes).\n- ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes).\n- rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)\n- rtc: rx8010: do not modify the global rtc ops (git-fixes).\n- rtl8xxxu: prevent potential memory leak (git-fixes).\n- rtw88: increse the size of rx buffer size (git-fixes).\n- s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177799 LTC#188733).\n- s390/dasd: Fix zero write for FBA devices (bsc#1177801 LTC#188735).\n- scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).\n- scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226).\n- scsi: mptfusion: Do not use GFP_ATOMIC for larger DMA allocations (bsc#1175898, ECO-2743).\n- sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11).\n- selftests/timers: Turn off timeout setting (git-fixes).\n- serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes).\n- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).\n- slimbus: core: check get_addr before removing laddr ida (git-fixes).\n- slimbus: core: do not enter to clock pause mode in core (git-fixes).\n- slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback (git-fixes).\n- soc: fsl: qbman: Fix return value on success (git-fixes).\n- spi: spi-s3c64xx: Check return values (git-fixes).\n- spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath() (git-fixes).\n- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).\n- staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).\n- staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).\n- staging: octeon: repair 'fixed-link' support (git-fixes).\n- staging: rtl8192u: Do not use GFP_KERNEL in atomic context (git-fixes).\n- taprio: Fix allowing too small intervals (networking-stable-20_09_24).\n- time: Prevent undefined behaviour in timespec64_to_ns() (bsc#1164648).\n- tipc: fix memory leak caused by tipc_buf_append() (git-fixes).\n- tipc: Fix memory leak in tipc_group_create_member() (networking-stable-20_09_24).\n- tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11).\n- tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24).\n- tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).\n- tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24).\n- tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24).\n- tracing: Check return value of __create_val_fields() before using its result (git-fixes).\n- tracing: Save normal string variables (git-fixes).\n- tty: ipwireless: fix error handling (git-fixes).\n- tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).\n- uio: free uio id after uio file node is freed (git-fixes).\n- USB: adutux: fix debugging (git-fixes).\n- usb: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).\n- usb: cdc-acm: fix cooldown mechanism (git-fixes).\n- USB: cdc-acm: handle broken union descriptors (git-fixes).\n- USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes).\n- usb: core: Solve race condition in anchor cleanup functions (git-fixes).\n- usb: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).\n- usb: dwc2: Fix parameter type in function pointer prototype (git-fixes).\n- usb: dwc3: core: add phy cleanup for probe error handling (git-fixes).\n- usb: dwc3: core: do not trigger runtime pm when remove driver (git-fixes).\n- usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).\n- usb: dwc3: gadget: Resume pending requests after CLEAR_STALL (git-fixes).\n- usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM functionality (git-fixes).\n- usb: dwc3: simple: add support for Hikey 970 (git-fixes).\n- usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes).\n- usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes).\n- usb: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes).\n- usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes).\n- usblp: fix race between disconnect() and read() (git-fixes).\n- usb: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n- usb: ohci: Default to per-port over-current protection (git-fixes).\n- USB: serial: cyberjack: fix write-URB completion race (git-fixes).\n- USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes).\n- USB: serial: option: add Cellient MPL200 card (git-fixes).\n- USB: serial: option: Add Telit FT980-KS composition (git-fixes).\n- USB: serial: pl2303: add device-id for HP GC device (git-fixes).\n- USB: serial: qcserial: fix altsetting probing (git-fixes).\n- usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).\n- usb: xhci-mtk: Fix typo (git-fixes).\n- usb: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes).\n- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).\n- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).\n- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).\n- VMCI: check return value of get_user_pages_fast() for errors (git-fixes).\n- w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes).\n- watchdog: Fix memleak in watchdog_cdev_register (git-fixes).\n- watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3 (git-fixes).\n- watchdog: Use put_device on error (git-fixes).\n- wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes).\n- writeback: Avoid skipping inode writeback (bsc#1177755).\n- writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755).\n- writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755).\n- X.509: Add CodeSigning extended key usage parsing (bsc#1177353).\n- x86/alternative: Do not call text_poke() in lazy TLB mode (bsc#1175749).\n- x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1152489).\n- x86/ioapic: Unbreak check_timer() (bsc#1152489).\n- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).\n- x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (bsc#1177765).\n- x86/mm: unencrypted non-blocking DMA allocations use coherent pools (bsc#1175898, ECO-2743).\n- x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713).\n- xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).\n- xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).\n- xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).\n- xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).\n- xen/events: block rogue events for some time (XSA-332 bsc#1177411).\n- xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).\n- xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).\n- xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).\n- xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).\n- xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n- xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).\n- xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).\n- xen/pvcallsback: use lateeoi irq binding (XSA-332 bsc#1177411).\n- xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).\n- xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146).\n- xfs: do not update mtime on COW faults (bsc#1167030).\n- xfs: fix high key handling in the rt allocator's query_range function (git-fixes).\n- xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes).\n- xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files (git-fixes).\n- xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).\n- xfs: force the log after remapping a synchronous-writes file (git-fixes).\n- xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n- xfs: limit entries returned when counting fsmap records (git-fixes).\n- xfs: remove unused variable 'done' (bsc#1166166).\n- xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes).\n- xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166).\n- xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes).\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "openSUSE-2020-1906",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1906-1.json",
         },
         {
            category: "self",
            summary: "URL for openSUSE-SU-2020:1906-1",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/W7MTGDUP74HR4XORTRYN7I7MANTKWCGQ/",
         },
         {
            category: "self",
            summary: "E-Mail link for openSUSE-SU-2020:1906-1",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/W7MTGDUP74HR4XORTRYN7I7MANTKWCGQ/",
         },
         {
            category: "self",
            summary: "SUSE Bug 1055014",
            url: "https://bugzilla.suse.com/1055014",
         },
         {
            category: "self",
            summary: "SUSE Bug 1055186",
            url: "https://bugzilla.suse.com/1055186",
         },
         {
            category: "self",
            summary: "SUSE Bug 1061843",
            url: "https://bugzilla.suse.com/1061843",
         },
         {
            category: "self",
            summary: "SUSE Bug 1065600",
            url: "https://bugzilla.suse.com/1065600",
         },
         {
            category: "self",
            summary: "SUSE Bug 1065729",
            url: "https://bugzilla.suse.com/1065729",
         },
         {
            category: "self",
            summary: "SUSE Bug 1066382",
            url: "https://bugzilla.suse.com/1066382",
         },
         {
            category: "self",
            summary: "SUSE Bug 1077428",
            url: "https://bugzilla.suse.com/1077428",
         },
         {
            category: "self",
            summary: "SUSE Bug 1129923",
            url: "https://bugzilla.suse.com/1129923",
         },
         {
            category: "self",
            summary: "SUSE Bug 1134760",
            url: "https://bugzilla.suse.com/1134760",
         },
         {
            category: "self",
            summary: "SUSE Bug 1149032",
            url: "https://bugzilla.suse.com/1149032",
         },
         {
            category: "self",
            summary: "SUSE Bug 1152489",
            url: "https://bugzilla.suse.com/1152489",
         },
         {
            category: "self",
            summary: "SUSE Bug 1163592",
            url: "https://bugzilla.suse.com/1163592",
         },
         {
            category: "self",
            summary: "SUSE Bug 1164648",
            url: "https://bugzilla.suse.com/1164648",
         },
         {
            category: "self",
            summary: "SUSE Bug 1166146",
            url: "https://bugzilla.suse.com/1166146",
         },
         {
            category: "self",
            summary: "SUSE Bug 1166166",
            url: "https://bugzilla.suse.com/1166166",
         },
         {
            category: "self",
            summary: "SUSE Bug 1167030",
            url: "https://bugzilla.suse.com/1167030",
         },
         {
            category: "self",
            summary: "SUSE Bug 1170415",
            url: "https://bugzilla.suse.com/1170415",
         },
         {
            category: "self",
            summary: "SUSE Bug 1174748",
            url: "https://bugzilla.suse.com/1174748",
         },
         {
            category: "self",
            summary: "SUSE Bug 1174969",
            url: "https://bugzilla.suse.com/1174969",
         },
         {
            category: "self",
            summary: "SUSE Bug 1175052",
            url: "https://bugzilla.suse.com/1175052",
         },
         {
            category: "self",
            summary: "SUSE Bug 1175306",
            url: "https://bugzilla.suse.com/1175306",
         },
         {
            category: "self",
            summary: "SUSE Bug 1175721",
            url: "https://bugzilla.suse.com/1175721",
         },
         {
            category: "self",
            summary: "SUSE Bug 1175749",
            url: "https://bugzilla.suse.com/1175749",
         },
         {
            category: "self",
            summary: "SUSE Bug 1175898",
            url: "https://bugzilla.suse.com/1175898",
         },
         {
            category: "self",
            summary: "SUSE Bug 1176354",
            url: "https://bugzilla.suse.com/1176354",
         },
         {
            category: "self",
            summary: "SUSE Bug 1176485",
            url: "https://bugzilla.suse.com/1176485",
         },
         {
            category: "self",
            summary: "SUSE Bug 1176713",
            url: "https://bugzilla.suse.com/1176713",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177086",
            url: "https://bugzilla.suse.com/1177086",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177281",
            url: "https://bugzilla.suse.com/1177281",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177353",
            url: "https://bugzilla.suse.com/1177353",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177410",
            url: "https://bugzilla.suse.com/1177410",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177411",
            url: "https://bugzilla.suse.com/1177411",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177470",
            url: "https://bugzilla.suse.com/1177470",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177739",
            url: "https://bugzilla.suse.com/1177739",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177749",
            url: "https://bugzilla.suse.com/1177749",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177750",
            url: "https://bugzilla.suse.com/1177750",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177754",
            url: "https://bugzilla.suse.com/1177754",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177755",
            url: "https://bugzilla.suse.com/1177755",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177765",
            url: "https://bugzilla.suse.com/1177765",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177766",
            url: "https://bugzilla.suse.com/1177766",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177799",
            url: "https://bugzilla.suse.com/1177799",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177801",
            url: "https://bugzilla.suse.com/1177801",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177814",
            url: "https://bugzilla.suse.com/1177814",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177817",
            url: "https://bugzilla.suse.com/1177817",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177854",
            url: "https://bugzilla.suse.com/1177854",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177855",
            url: "https://bugzilla.suse.com/1177855",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177856",
            url: "https://bugzilla.suse.com/1177856",
         },
         {
            category: "self",
            summary: "SUSE Bug 1177861",
            url: "https://bugzilla.suse.com/1177861",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178002",
            url: "https://bugzilla.suse.com/1178002",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178079",
            url: "https://bugzilla.suse.com/1178079",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178123",
            url: "https://bugzilla.suse.com/1178123",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178166",
            url: "https://bugzilla.suse.com/1178166",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178173",
            url: "https://bugzilla.suse.com/1178173",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178175",
            url: "https://bugzilla.suse.com/1178175",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178176",
            url: "https://bugzilla.suse.com/1178176",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178177",
            url: "https://bugzilla.suse.com/1178177",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178183",
            url: "https://bugzilla.suse.com/1178183",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178184",
            url: "https://bugzilla.suse.com/1178184",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178185",
            url: "https://bugzilla.suse.com/1178185",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178186",
            url: "https://bugzilla.suse.com/1178186",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178190",
            url: "https://bugzilla.suse.com/1178190",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178191",
            url: "https://bugzilla.suse.com/1178191",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178246",
            url: "https://bugzilla.suse.com/1178246",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178255",
            url: "https://bugzilla.suse.com/1178255",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178307",
            url: "https://bugzilla.suse.com/1178307",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178330",
            url: "https://bugzilla.suse.com/1178330",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178393",
            url: "https://bugzilla.suse.com/1178393",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178395",
            url: "https://bugzilla.suse.com/1178395",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178461",
            url: "https://bugzilla.suse.com/1178461",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178579",
            url: "https://bugzilla.suse.com/1178579",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178581",
            url: "https://bugzilla.suse.com/1178581",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178584",
            url: "https://bugzilla.suse.com/1178584",
         },
         {
            category: "self",
            summary: "SUSE Bug 1178585",
            url: "https://bugzilla.suse.com/1178585",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2020-14351 page",
            url: "https://www.suse.com/security/cve/CVE-2020-14351/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2020-16120 page",
            url: "https://www.suse.com/security/cve/CVE-2020-16120/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2020-25285 page",
            url: "https://www.suse.com/security/cve/CVE-2020-25285/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2020-25656 page",
            url: "https://www.suse.com/security/cve/CVE-2020-25656/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2020-25668 page",
            url: "https://www.suse.com/security/cve/CVE-2020-25668/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2020-25704 page",
            url: "https://www.suse.com/security/cve/CVE-2020-25704/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2020-25705 page",
            url: "https://www.suse.com/security/cve/CVE-2020-25705/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2020-8694 page",
            url: "https://www.suse.com/security/cve/CVE-2020-8694/",
         },
      ],
      title: "Security update for the Linux Kernel",
      tracking: {
         current_release_date: "2020-11-14T08:15:18Z",
         generator: {
            date: "2020-11-14T08:15:18Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "openSUSE-SU-2020:1906-1",
         initial_release_date: "2020-11-14T08:15:18Z",
         revision_history: [
            {
               date: "2020-11-14T08:15:18Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "kernel-devel-5.3.18-lp152.50.1.noarch",
                        product: {
                           name: "kernel-devel-5.3.18-lp152.50.1.noarch",
                           product_id: "kernel-devel-5.3.18-lp152.50.1.noarch",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-docs-5.3.18-lp152.50.1.noarch",
                        product: {
                           name: "kernel-docs-5.3.18-lp152.50.1.noarch",
                           product_id: "kernel-docs-5.3.18-lp152.50.1.noarch",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-docs-html-5.3.18-lp152.50.1.noarch",
                        product: {
                           name: "kernel-docs-html-5.3.18-lp152.50.1.noarch",
                           product_id: "kernel-docs-html-5.3.18-lp152.50.1.noarch",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-macros-5.3.18-lp152.50.1.noarch",
                        product: {
                           name: "kernel-macros-5.3.18-lp152.50.1.noarch",
                           product_id: "kernel-macros-5.3.18-lp152.50.1.noarch",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-source-5.3.18-lp152.50.1.noarch",
                        product: {
                           name: "kernel-source-5.3.18-lp152.50.1.noarch",
                           product_id: "kernel-source-5.3.18-lp152.50.1.noarch",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                        product: {
                           name: "kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                           product_id: "kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "noarch",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "kernel-debug-5.3.18-lp152.50.1.x86_64",
                        product: {
                           name: "kernel-debug-5.3.18-lp152.50.1.x86_64",
                           product_id: "kernel-debug-5.3.18-lp152.50.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                        product: {
                           name: "kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                           product_id: "kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-default-5.3.18-lp152.50.1.x86_64",
                        product: {
                           name: "kernel-default-5.3.18-lp152.50.1.x86_64",
                           product_id: "kernel-default-5.3.18-lp152.50.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                        product: {
                           name: "kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                           product_id: "kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                        product: {
                           name: "kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                           product_id: "kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                        product: {
                           name: "kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                           product_id: "kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                        product: {
                           name: "kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                           product_id: "kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                        product: {
                           name: "kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                           product_id: "kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-preempt-5.3.18-lp152.50.1.x86_64",
                        product: {
                           name: "kernel-preempt-5.3.18-lp152.50.1.x86_64",
                           product_id: "kernel-preempt-5.3.18-lp152.50.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                        product: {
                           name: "kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                           product_id: "kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kernel-syms-5.3.18-lp152.50.1.x86_64",
                        product: {
                           name: "kernel-syms-5.3.18-lp152.50.1.x86_64",
                           product_id: "kernel-syms-5.3.18-lp152.50.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.2",
                        product: {
                           name: "openSUSE Leap 15.2",
                           product_id: "openSUSE Leap 15.2",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.2",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-debug-5.3.18-lp152.50.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
            },
            product_reference: "kernel-debug-5.3.18-lp152.50.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-debug-devel-5.3.18-lp152.50.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
            },
            product_reference: "kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-default-5.3.18-lp152.50.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
            },
            product_reference: "kernel-default-5.3.18-lp152.50.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-default-devel-5.3.18-lp152.50.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
            },
            product_reference: "kernel-default-devel-5.3.18-lp152.50.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-devel-5.3.18-lp152.50.1.noarch as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
            },
            product_reference: "kernel-devel-5.3.18-lp152.50.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-docs-5.3.18-lp152.50.1.noarch as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
            },
            product_reference: "kernel-docs-5.3.18-lp152.50.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-docs-html-5.3.18-lp152.50.1.noarch as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
            },
            product_reference: "kernel-docs-html-5.3.18-lp152.50.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-kvmsmall-5.3.18-lp152.50.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
            },
            product_reference: "kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
            },
            product_reference: "kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-macros-5.3.18-lp152.50.1.noarch as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
            },
            product_reference: "kernel-macros-5.3.18-lp152.50.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-obs-build-5.3.18-lp152.50.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
            },
            product_reference: "kernel-obs-build-5.3.18-lp152.50.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-obs-qa-5.3.18-lp152.50.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
            },
            product_reference: "kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-preempt-5.3.18-lp152.50.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
            },
            product_reference: "kernel-preempt-5.3.18-lp152.50.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-preempt-devel-5.3.18-lp152.50.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
            },
            product_reference: "kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-source-5.3.18-lp152.50.1.noarch as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
            },
            product_reference: "kernel-source-5.3.18-lp152.50.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-source-vanilla-5.3.18-lp152.50.1.noarch as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
            },
            product_reference: "kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kernel-syms-5.3.18-lp152.50.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
            },
            product_reference: "kernel-syms-5.3.18-lp152.50.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2020-14351",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2020-14351",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2020-14351",
               url: "https://www.suse.com/security/cve/CVE-2020-14351",
            },
            {
               category: "external",
               summary: "SUSE Bug 1177086 for CVE-2020-14351",
               url: "https://bugzilla.suse.com/1177086",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 4.4,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2020-11-14T08:15:18Z",
               details: "moderate",
            },
         ],
         title: "CVE-2020-14351",
      },
      {
         cve: "CVE-2020-16120",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2020-16120",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2020-16120",
               url: "https://www.suse.com/security/cve/CVE-2020-16120",
            },
            {
               category: "external",
               summary: "SUSE Bug 1177470 for CVE-2020-16120",
               url: "https://bugzilla.suse.com/1177470",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2020-11-14T08:15:18Z",
               details: "moderate",
            },
         ],
         title: "CVE-2020-16120",
      },
      {
         cve: "CVE-2020-25285",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2020-25285",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2020-25285",
               url: "https://www.suse.com/security/cve/CVE-2020-25285",
            },
            {
               category: "external",
               summary: "SUSE Bug 1176485 for CVE-2020-25285",
               url: "https://bugzilla.suse.com/1176485",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.7,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2020-11-14T08:15:18Z",
               details: "moderate",
            },
         ],
         title: "CVE-2020-25285",
      },
      {
         cve: "CVE-2020-25656",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2020-25656",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2020-25656",
               url: "https://www.suse.com/security/cve/CVE-2020-25656",
            },
            {
               category: "external",
               summary: "SUSE Bug 1177766 for CVE-2020-25656",
               url: "https://bugzilla.suse.com/1177766",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2020-11-14T08:15:18Z",
               details: "moderate",
            },
         ],
         title: "CVE-2020-25656",
      },
      {
         cve: "CVE-2020-25668",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2020-25668",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2020-25668",
               url: "https://www.suse.com/security/cve/CVE-2020-25668",
            },
            {
               category: "external",
               summary: "SUSE Bug 1178123 for CVE-2020-25668",
               url: "https://bugzilla.suse.com/1178123",
            },
            {
               category: "external",
               summary: "SUSE Bug 1178622 for CVE-2020-25668",
               url: "https://bugzilla.suse.com/1178622",
            },
            {
               category: "external",
               summary: "SUSE Bug 1196914 for CVE-2020-25668",
               url: "https://bugzilla.suse.com/1196914",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2020-11-14T08:15:18Z",
               details: "moderate",
            },
         ],
         title: "CVE-2020-25668",
      },
      {
         cve: "CVE-2020-25704",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2020-25704",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2020-25704",
               url: "https://www.suse.com/security/cve/CVE-2020-25704",
            },
            {
               category: "external",
               summary: "SUSE Bug 1178393 for CVE-2020-25704",
               url: "https://bugzilla.suse.com/1178393",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2020-11-14T08:15:18Z",
               details: "moderate",
            },
         ],
         title: "CVE-2020-25704",
      },
      {
         cve: "CVE-2020-25705",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2020-25705",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2020-25705",
               url: "https://www.suse.com/security/cve/CVE-2020-25705",
            },
            {
               category: "external",
               summary: "SUSE Bug 1175721 for CVE-2020-25705",
               url: "https://bugzilla.suse.com/1175721",
            },
            {
               category: "external",
               summary: "SUSE Bug 1178782 for CVE-2020-25705",
               url: "https://bugzilla.suse.com/1178782",
            },
            {
               category: "external",
               summary: "SUSE Bug 1178783 for CVE-2020-25705",
               url: "https://bugzilla.suse.com/1178783",
            },
            {
               category: "external",
               summary: "SUSE Bug 1191790 for CVE-2020-25705",
               url: "https://bugzilla.suse.com/1191790",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2020-11-14T08:15:18Z",
               details: "important",
            },
         ],
         title: "CVE-2020-25705",
      },
      {
         cve: "CVE-2020-8694",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2020-8694",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
               "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
               "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2020-8694",
               url: "https://www.suse.com/security/cve/CVE-2020-8694",
            },
            {
               category: "external",
               summary: "SUSE Bug 1170415 for CVE-2020-8694",
               url: "https://bugzilla.suse.com/1170415",
            },
            {
               category: "external",
               summary: "SUSE Bug 1170446 for CVE-2020-8694",
               url: "https://bugzilla.suse.com/1170446",
            },
            {
               category: "external",
               summary: "SUSE Bug 1178591 for CVE-2020-8694",
               url: "https://bugzilla.suse.com/1178591",
            },
            {
               category: "external",
               summary: "SUSE Bug 1178700 for CVE-2020-8694",
               url: "https://bugzilla.suse.com/1178700",
            },
            {
               category: "external",
               summary: "SUSE Bug 1179661 for CVE-2020-8694",
               url: "https://bugzilla.suse.com/1179661",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.1,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.50.1.x86_64",
                  "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.50.1.noarch",
                  "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.50.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2020-11-14T08:15:18Z",
               details: "moderate",
            },
         ],
         title: "CVE-2020-8694",
      },
   ],
}

cve-2020-16120

Vulnerability from cvelistv5

Published

2021-02-10 19:45

Modified

2024-09-16 18:49

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.

References

▼	URL	Tags
	https://ubuntu.com/USN-4576-1	vendor-advisory, x_refsource_UBUNTU
	https://ubuntu.com/USN-4577-1	vendor-advisory, x_refsource_UBUNTU
	https://ubuntu.com/USN-4578-1	vendor-advisory, x_refsource_UBUNTU
	https://www.openwall.com/lists/oss-security/2020/10/14/2	x_refsource_CONFIRM
	https://launchpad.net/bugs/1894980	vendor-advisory, x_refsource_UBUNTU
	https://launchpad.net/bugs/1900141	vendor-advisory, x_refsource_UBUNTU
	https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d	x_refsource_CONFIRM
	https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f	x_refsource_CONFIRM
	https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8	x_refsource_CONFIRM
	https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52	x_refsource_CONFIRM
	https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Linux kernel	Linux kernel	Version: 5.11-stable < 5.11.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:37:53.989Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://ubuntu.com/USN-4576-1",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://ubuntu.com/USN-4577-1",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://ubuntu.com/USN-4578-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2020/10/14/2",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://launchpad.net/bugs/1894980",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://launchpad.net/bugs/1900141",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Linux kernel",
               vendor: "Linux kernel",
               versions: [
                  {
                     lessThan: "5.11.0",
                     status: "affected",
                     version: "5.11-stable",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Giuseppe Scrivano",
            },
         ],
         datePublic: "2020-10-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-266",
                     description: "CWE-266 Incorrect Privilege Assignment",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-02-10T19:45:26",
            orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            shortName: "canonical",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://ubuntu.com/USN-4576-1",
            },
            {
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://ubuntu.com/USN-4577-1",
            },
            {
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://ubuntu.com/USN-4578-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.openwall.com/lists/oss-security/2020/10/14/2",
            },
            {
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://launchpad.net/bugs/1894980",
            },
            {
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://launchpad.net/bugs/1900141",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84",
            },
         ],
         source: {
            advisory: "https://ubuntu.com/USN-4576-1",
            defect: [
               "https://launchpad.net/bugs/1894980",
            ],
            discovery: "EXTERNAL",
         },
         title: "Unprivileged overlay + shiftfs read access",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               AKA: "",
               ASSIGNER: "security@ubuntu.com",
               DATE_PUBLIC: "2020-10-13T16:00:00.000Z",
               ID: "CVE-2020-16120",
               STATE: "PUBLIC",
               TITLE: "Unprivileged overlay + shiftfs read access",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Linux kernel",
                                 version: {
                                    version_data: [
                                       {
                                          platform: "",
                                          version_affected: "<",
                                          version_name: "5.11-stable",
                                          version_value: "5.11.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Linux kernel",
                     },
                  ],
               },
            },
            configuration: [],
            credit: [
               {
                  lang: "eng",
                  value: "Giuseppe Scrivano",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11.",
                  },
               ],
            },
            exploit: [],
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-266 Incorrect Privilege Assignment",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://ubuntu.com/USN-4576-1",
                     refsource: "UBUNTU",
                     url: "https://ubuntu.com/USN-4576-1",
                  },
                  {
                     name: "https://ubuntu.com/USN-4577-1",
                     refsource: "UBUNTU",
                     url: "https://ubuntu.com/USN-4577-1",
                  },
                  {
                     name: "https://ubuntu.com/USN-4578-1",
                     refsource: "UBUNTU",
                     url: "https://ubuntu.com/USN-4578-1",
                  },
                  {
                     name: "https://www.openwall.com/lists/oss-security/2020/10/14/2",
                     refsource: "CONFIRM",
                     url: "https://www.openwall.com/lists/oss-security/2020/10/14/2",
                  },
                  {
                     name: "https://launchpad.net/bugs/1894980",
                     refsource: "UBUNTU",
                     url: "https://launchpad.net/bugs/1894980",
                  },
                  {
                     name: "https://launchpad.net/bugs/1900141",
                     refsource: "UBUNTU",
                     url: "https://launchpad.net/bugs/1900141",
                  },
                  {
                     name: "https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d",
                     refsource: "CONFIRM",
                     url: "https://git.kernel.org/linus/56230d956739b9cb1cbde439d76227d77979a04d",
                  },
                  {
                     name: "https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f",
                     refsource: "CONFIRM",
                     url: "https://git.kernel.org/linus/48bd024b8a40d73ad6b086de2615738da0c7004f",
                  },
                  {
                     name: "https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8",
                     refsource: "CONFIRM",
                     url: "https://git.kernel.org/linus/05acefb4872dae89e772729efb194af754c877e8",
                  },
                  {
                     name: "https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52",
                     refsource: "CONFIRM",
                     url: "https://git.kernel.org/linus/d1d04ef8572bc8c22265057bd3d5a79f223f8f52",
                  },
                  {
                     name: "https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84",
                     refsource: "CONFIRM",
                     url: "https://git.kernel.org/linus/b6650dab404c701d7fe08a108b746542a934da84",
                  },
               ],
            },
            solution: [],
            source: {
               advisory: "https://ubuntu.com/USN-4576-1",
               defect: [
                  "https://launchpad.net/bugs/1894980",
               ],
               discovery: "EXTERNAL",
            },
            work_around: [],
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
      assignerShortName: "canonical",
      cveId: "CVE-2020-16120",
      datePublished: "2021-02-10T19:45:26.096560Z",
      dateReserved: "2020-07-29T00:00:00",
      dateUpdated: "2024-09-16T18:49:11.997Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-25656

Vulnerability from cvelistv5

Published

2020-12-02 00:00

Modified

2024-08-04 15:40

Severity ?

Summary

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1888726
	https://lkml.org/lkml/2020/10/29/528
	https://lkml.org/lkml/2020/10/16/84
	https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html	mailing-list
	https://www.starwindsoftware.com/security/sw-20210325-0006/

Impacted products

	Vendor	Product	Version
	n/a	kernel	Version: kernel 5.10-rc2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:40:36.449Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1888726",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lkml.org/lkml/2020/10/29/528",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lkml.org/lkml/2020/10/16/84",
               },
               {
                  name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
               },
               {
                  name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.starwindsoftware.com/security/sw-20210325-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "kernel",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "kernel 5.10-rc2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-11T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1888726",
            },
            {
               url: "https://lkml.org/lkml/2020/10/29/528",
            },
            {
               url: "https://lkml.org/lkml/2020/10/16/84",
            },
            {
               name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
            },
            {
               name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
            },
            {
               url: "https://www.starwindsoftware.com/security/sw-20210325-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-25656",
      datePublished: "2020-12-02T00:00:00",
      dateReserved: "2020-09-16T00:00:00",
      dateUpdated: "2024-08-04T15:40:36.449Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-25704

Vulnerability from cvelistv5

Published

2020-12-02 00:00

Modified

2024-08-04 15:40

Severity ?

Summary

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1895961
	https://www.openwall.com/lists/oss-security/2020/11/09/1
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00
	https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html	mailing-list
	https://www.starwindsoftware.com/security/sw-20220802-0003/

Impacted products

	Vendor	Product	Version
	n/a	kernel	Version: kernel 5.10-rc3

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:40:36.653Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1895961",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2020/11/09/1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00",
               },
               {
                  name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
               },
               {
                  name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.starwindsoftware.com/security/sw-20220802-0003/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "kernel",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "kernel 5.10-rc3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-401",
                     description: "CWE-401",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-11T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1895961",
            },
            {
               url: "https://www.openwall.com/lists/oss-security/2020/11/09/1",
            },
            {
               url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00",
            },
            {
               name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
            },
            {
               name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
            },
            {
               url: "https://www.starwindsoftware.com/security/sw-20220802-0003/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-25704",
      datePublished: "2020-12-02T00:00:00",
      dateReserved: "2020-09-16T00:00:00",
      dateUpdated: "2024-08-04T15:40:36.653Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-25705

Vulnerability from cvelistv5

Published

2020-11-17 01:16

Modified

2024-08-04 15:40

Severity ?

Summary

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version

References

▼	URL	Tags
	https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Siemens Lunux Based Products	Version: RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE US: Versions 3.1.39 and later, SIMATIC NET CP 1243-7: Versions 3.1.39 and later, SIMATIC NET CP 1243-8 IRC: Versions 3.1.39 and later, SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1542SP-1: Versions 2.0 and later, SIMATIC NET CP 1543-1 (incl. SIPLUS variants): Versions 2.2 and later, SIMATIC NET CP 1543SP-1 (incl SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1545-1: All versions, SINEMA Remote Connect Server: All versions prior to v3.0 SP1, TIM 1531 IRC (incl. SI ...[truncated*]

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:40:36.596Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Siemens Lunux Based Products",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE US: Versions 3.1.39 and later, SIMATIC NET CP 1243-7: Versions 3.1.39 and later, SIMATIC NET CP 1243-8 IRC: Versions 3.1.39 and later, SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1542SP-1: Versions 2.0 and later, SIMATIC NET CP 1543-1 (incl. SIPLUS variants): Versions 2.2 and later, SIMATIC NET CP 1543SP-1 (incl SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1545-1: All versions, SINEMA Remote Connect Server: All versions prior to v3.0 SP1, TIM 1531 IRC (incl. SI ...[truncated*]",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-330",
                     description: "USE OF INSUFFICIENTLY RANDOM VALUES CWE-330",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-18T10:48:35",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03",
            },
         ],
         x_ConverterErrors: {
            version_name: {
               error: "version_name too long. Use array of versions to record more than one version.",
               message: "Truncated!",
            },
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2020-25705",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Siemens Lunux Based Products",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE US: Versions 3.1.39 and later, SIMATIC NET CP 1243-7: Versions 3.1.39 and later, SIMATIC NET CP 1243-8 IRC: Versions 3.1.39 and later, SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1542SP-1: Versions 2.0 and later, SIMATIC NET CP 1543-1 (incl. SIPLUS variants): Versions 2.2 and later, SIMATIC NET CP 1543SP-1 (incl SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1545-1: All versions, SINEMA Remote Connect Server: All versions prior to v3.0 SP1, TIM 1531 IRC (incl. SIPLUS NET variants): All versions",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "USE OF INSUFFICIENTLY RANDOM VALUES CWE-330",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03",
                     refsource: "MISC",
                     url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-25705",
      datePublished: "2020-11-17T01:16:17",
      dateReserved: "2020-09-16T00:00:00",
      dateUpdated: "2024-08-04T15:40:36.596Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-14351

Vulnerability from cvelistv5

Published

2020-12-03 16:43

Modified

2024-08-04 12:39

Severity ?

Summary

A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1862849	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	kernel	Version: kernel 5.8.17

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:39:36.525Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1862849",
               },
               {
                  name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
               },
               {
                  name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "kernel",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "kernel 5.8.17",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-12-18T13:06:15",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1862849",
            },
            {
               name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
            },
            {
               name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2020-14351",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "kernel",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "kernel 5.8.17",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-416",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1862849",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1862849",
                  },
                  {
                     name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
                  },
                  {
                     name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-14351",
      datePublished: "2020-12-03T16:43:22",
      dateReserved: "2020-06-17T00:00:00",
      dateUpdated: "2024-08-04T12:39:36.525Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-25668

Vulnerability from cvelistv5

Published

2021-05-26 11:11

Modified

2024-08-04 15:40

Severity ?

Summary

A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.

References

▼	URL	Tags
	http://www.openwall.com/lists/oss-security/2020/10/30/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2020/11/04/3	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html	mailing-list, x_refsource_MLIST
	https://www.openwall.com/lists/oss-security/2020/11/04/3%2C	x_refsource_MISC
	https://www.openwall.com/lists/oss-security/2020/10/30/1%2C	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20210702-0005/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Linux Kernel	Version: 5.9.2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:40:36.882Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2020/10/30/1",
               },
               {
                  name: "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2020/11/04/3",
               },
               {
                  name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
               },
               {
                  name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2020/11/04/3%2C",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2020/10/30/1%2C",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20210702-0005/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Linux Kernel",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "5.9.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-362",
                     description: "CWE-362 -> CWE-416",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-07-02T11:06:20",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2020/10/30/1",
            },
            {
               name: "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2020/11/04/3",
            },
            {
               name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
            },
            {
               name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.openwall.com/lists/oss-security/2020/11/04/3%2C",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.openwall.com/lists/oss-security/2020/10/30/1%2C",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20210702-0005/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2020-25668",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Linux Kernel",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "5.9.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-362 -> CWE-416",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2020/10/30/1",
                  },
                  {
                     name: "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2020/11/04/3",
                  },
                  {
                     name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
                  },
                  {
                     name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
                  },
                  {
                     name: "https://www.openwall.com/lists/oss-security/2020/11/04/3,",
                     refsource: "MISC",
                     url: "https://www.openwall.com/lists/oss-security/2020/11/04/3,",
                  },
                  {
                     name: "https://www.openwall.com/lists/oss-security/2020/10/30/1,",
                     refsource: "MISC",
                     url: "https://www.openwall.com/lists/oss-security/2020/10/30/1,",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1893287,",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1893287,",
                  },
                  {
                     name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220",
                     refsource: "MISC",
                     url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20210702-0005/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20210702-0005/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-25668",
      datePublished: "2021-05-26T11:11:04",
      dateReserved: "2020-09-16T00:00:00",
      dateUpdated: "2024-08-04T15:40:36.882Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-25285

Vulnerability from cvelistv5

Published

2020-09-13 17:28

Modified

2024-08-04 15:33

Severity ?

Summary

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.

References

▼	URL	Tags
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17743798d81238ab13050e8e2833699b54e15467	x_refsource_MISC
	https://twitter.com/grsecurity/status/1303749848898904067	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html	mailing-list, x_refsource_MLIST
	https://security.netapp.com/advisory/ntap-20201009-0002/	x_refsource_CONFIRM
	https://usn.ubuntu.com/4576-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4579-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T15:33:05.246Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17743798d81238ab13050e8e2833699b54e15467",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://twitter.com/grsecurity/status/1303749848898904067",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8",
               },
               {
                  name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20201009-0002/",
               },
               {
                  name: "USN-4576-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4576-1/",
               },
               {
                  name: "USN-4579-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4579-1/",
               },
               {
                  name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html",
               },
               {
                  name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-31T17:06:19",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17743798d81238ab13050e8e2833699b54e15467",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://twitter.com/grsecurity/status/1303749848898904067",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8",
            },
            {
               name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20201009-0002/",
            },
            {
               name: "USN-4576-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4576-1/",
            },
            {
               name: "USN-4579-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4579-1/",
            },
            {
               name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html",
            },
            {
               name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-25285",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17743798d81238ab13050e8e2833699b54e15467",
                     refsource: "MISC",
                     url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17743798d81238ab13050e8e2833699b54e15467",
                  },
                  {
                     name: "https://twitter.com/grsecurity/status/1303749848898904067",
                     refsource: "MISC",
                     url: "https://twitter.com/grsecurity/status/1303749848898904067",
                  },
                  {
                     name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8",
                     refsource: "MISC",
                     url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.8",
                  },
                  {
                     name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20201009-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20201009-0002/",
                  },
                  {
                     name: "USN-4576-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4576-1/",
                  },
                  {
                     name: "USN-4579-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4579-1/",
                  },
                  {
                     name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html",
                  },
                  {
                     name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-25285",
      datePublished: "2020-09-13T17:28:21",
      dateReserved: "2020-09-13T00:00:00",
      dateUpdated: "2024-08-04T15:33:05.246Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-8694

Vulnerability from cvelistv5

Published

2020-11-12 18:03

Modified

2024-08-04 10:03

Severity ?

Summary

Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

References

▼	URL	Tags
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html	mailing-list, x_refsource_MLIST
	https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) Processors	Version: See references

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:03:46.276Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389",
               },
               {
                  name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
               },
               {
                  name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Intel(R) Processors",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "See references",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "information disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-11T12:06:30",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389",
            },
            {
               name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
            },
            {
               name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2020-8694",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Intel(R) Processors",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "See references",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "information disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389",
                     refsource: "MISC",
                     url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389",
                  },
                  {
                     name: "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html",
                  },
                  {
                     name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2020-8694",
      datePublished: "2020-11-12T18:03:34",
      dateReserved: "2020-02-06T00:00:00",
      dateUpdated: "2024-08-04T10:03:46.276Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_opensuse

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature