OPENSUSE-SU-2020:2193-1
Vulnerability from csaf_opensuse - Published: 2020-12-07 11:06 - Updated: 2020-12-07 11:06Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd (bnc#1179429).
- CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).
- CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).
- CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971).
- CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allowed local users to cause a denial of service by using the p->serial_in pointer which uninitialized (bnc#1179140).
- CVE-2020-27777: Restrict RTAS requests from userspace (CVE-2020-27777 bsc#1179107).
- CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).
The following non-security bugs were fixed:
- ACPI: GED: fix -Wformat (git-fixes).
- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).
- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).
- ALSA: mixart: Fix mutex deadlock (git-fixes).
- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).
- Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).
- Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).
- Convert trailing spaces and periods in path components (bsc#1179424).
- Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes).
- IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)
- IB/core: Set qp->real_qp before it may be accessed (bsc#1111666)
- IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)
- IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)
- IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)
- IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)
- IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)
- IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)
- IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)
- IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)
- IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)
- IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)
- IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)
- IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)
- IB/hfi1: Handle port down properly in pio (bsc#1111666)
- IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)
- IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666)
- IB/hfi1: Remove unused define (bsc#1111666)
- IB/hfi1: Silence txreq allocation warnings (bsc#1111666)
- IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)
- IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)
- IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)
- IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)
- IB/ipoib: drop useless LIST_HEAD (bsc#1111666)
- IB/iser: Fix dma_nents type definition (bsc#1111666)
- IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)
- IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)
- IB/mlx4: Add and improve logging (bsc#1111666)
- IB/mlx4: Add support for MRA (bsc#1111666)
- IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)
- IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)
- IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)
- IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)
- IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)
- IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)
- IB/mlx4: Remove unneeded NULL check (bsc#1111666)
- IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)
- IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)
- IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)
- IB/mlx5: Do not override existing ip_protocol (bsc#1111666)
- IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)
- IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)
- IB/mlx5: Fix implicit MR release flow (bsc#1111666)
- IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)
- IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)
- IB/mlx5: Improve ODP debugging messages (bsc#1111666)
- IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)
- IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)
- IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)
- IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)
- IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)
- IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666)
- IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)
- IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666)
- IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)
- IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)
- IB/qib: Remove a set-but-not-used variable (bsc#1111666)
- IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)
- IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)
- IB/rdmavt: Fix sizeof mismatch (bsc#1111666)
- IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)
- IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)
- IB/rxe: Make counters thread safe (bsc#1111666)
- IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)
- IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)
- IB/umad: Avoid destroying device while it is accessed (bsc#1111666)
- IB/umad: Do not check status of nonseekable_open() (bsc#1111666)
- IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)
- IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)
- IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)
- IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)
- IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)
- IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666)
- IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666)
- KVM host: kabi fixes for psci_version (bsc#1174726).
- KVM: arm64: Add missing #include of <linux/string.h> in guest.c (bsc#1174726).
- KVM: arm64: Factor out core register ID enumeration (bsc#1174726).
- KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726).
- KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726).
- KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).
- NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).
- PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).
- RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)
- RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)
- RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666)
- RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666)
- RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666)
- RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)
- RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)
- RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666)
- RDMA/cma: Fix false error message (bsc#1111666)
- RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666)
- RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666)
- RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)
- RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)
- RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)
- RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)
- RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)
- RDMA/core: Fix race between destroy and release FD object (bsc#1111666)
- RDMA/core: Fix race when resolving IP address (bsc#1111666)
- RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)
- RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)
- RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)
- RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)
- RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)
- RDMA/hns: Set the unsupported wr opcode (bsc#1111666)
- RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)
- RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)
- RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)
- RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)
- RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)
- RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)
- RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)
- RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)
- RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)
- RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)
- RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)
- RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666)
- RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)
- RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)
- RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)
- RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)
- RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666)
- RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)
- RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666)
- RDMA/mlx5: Return proper error value (bsc#1111666)
- RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)
- RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)
- RDMA/nes: Remove second wait queue initialization call (bsc#1111666)
- RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)
- RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)
- RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)
- RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)
- RDMA/qedr: Endianness warnings cleanup (bsc#1111666)
- RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).
- RDMA/qedr: Fix doorbell setting (bsc#1111666)
- RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).
- RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)
- RDMA/qedr: Fix reported firmware version (bsc#1111666)
- RDMA/qedr: Fix use of uninitialized field (bsc#1111666)
- RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)
- RDMA/qedr: SRQ's bug fixes (bsc#1111666)
- RDMA/qib: Delete extra line (bsc#1111666)
- RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)
- RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666)
- RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)
- RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)
- RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)
- RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)
- RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)
- RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)
- RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)
- RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue (bsc#1111666)
- RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)
- RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)
- RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)
- RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)
- RDMA/rxe: Set default vendor ID (bsc#1111666)
- RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666)
- RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)
- RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)
- RDMA/srp: Rework SCSI device reset handling (bsc#1111666)
- RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)
- RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)
- RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666)
- RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)
- RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)
- RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)
- RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)
- RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)
- RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666)
- Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (bsc#1179418).
- SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).
- Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).
- USB: core: Fix regression in Hercules audio card (git-fixes).
- Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).
- arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).
- arm64: KVM: Fix system register enumeration (bsc#1174726).
- ath10k: Acquire tx_lock in tx error paths (git-fixes).
- batman-adv: set .owner to THIS_MODULE (git-fixes).
- bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).
- bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242).
- btrfs: account ticket size at add/delete time (bsc#1178897).
- btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).
- btrfs: check rw_devices, not num_devices for balance (bsc#1178897).
- btrfs: do not delete mismatched root refs (bsc#1178962).
- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).
- btrfs: fix force usage in inc_block_group_ro (bsc#1178897).
- btrfs: fix invalid removal of root ref (bsc#1178962).
- btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).
- btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).
- btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).
- btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).
- btrfs: split dev-replace locking helpers for read and write (bsc#1178897). Needed as a prep patch for further improvements around btrfs.
- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).
- can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).
- ceph: add check_session_state() helper and make it global (bsc#1179259).
- ceph: check session state after bumping session->s_seq (bsc#1179259).
- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
- cifs: remove bogus debug code (bsc#1179427).
- cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).
- docs: ABI: stable: remove a duplicated documentation (git-fixes).
- drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).
- drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes).
- efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).
- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).
- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).
- efi/x86: Free efi_pgd with free_pages() (bsc#1112178).
- efi/x86: Ignore the memory attributes table on i386 (git-fixes).
- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).
- efi: cper: Fix possible out-of-bounds access (git-fixes).
- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).
- efivarfs: fix memory leak in efivarfs_create() (git-fixes).
- efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).
- fuse: fix page dereference after free (bsc#1179213).
- hv_balloon: disable warning when floor reached (git-fixes).
- i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)
- i40iw: Report correct firmware version (bsc#1111666)
- i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666)
- igc: Fix returning wrong statistics (bsc#1118657).
- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).
- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).
- iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)
- iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)
- kABI workaround for usermodehelper changes (bsc#1179406).
- kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- mac80211: always wind down STA state (git-fixes).
- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).
- mlxsw: core: Fix memory leak on module removal (bsc#1112374).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178).
- net/tls: Fix kmap usage (bsc#1109837).
- net/tls: missing received data after fast remote close (bsc#1109837).
- net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ).
- net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).
- net: ena: handle bad request id in ena_netdev (git-fixes).
- net: qed: fix 'maybe uninitialized' warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).
- net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).
- net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).
- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).
- nfp: use correct define to return NONE fec (bsc#1109837).
- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).
- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).
- pinctrl: aspeed: Fix GPI only function problem (git-fixes).
- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).
- powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).
- powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).
- qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).
- qed: suppress 'do not support RoCE & iWARP' flooding on HW init (bsc#1050536 bsc#1050545).
- qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- reboot: fix overflow parsing reboot cpu number (bsc#1179421).
- rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)
- rxe: fix error completion wr_id and qp_num (bsc#1111666)
- s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737).
- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937).
- s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).
- s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).
- sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).
- sched/x86: SaveFLAGS on context switch (bsc#1112178).
- scripts/git_sort/git_sort.py: add ceph maintainers git tree
- scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)
- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).
- svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).
- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).
- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).
- tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).
- tty: serial: imx: keep console clocks always on (git-fixes).
- usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).
- usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).
- usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).
- usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).
- usermodehelper: reset umask to default before executing user process (bsc#1179406).
- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).
- x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).
- x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes).
- x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).
- x86/hyperv: Clarify comment on x2apic mode (git-fixes).
- x86/hyperv: Make vapic support x2apic mode (git-fixes).
- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).
- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).
- x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).
- xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
- xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).
Patchnames: openSUSE-2020-2193
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd (bnc#1179429).\n- CVE-2020-15436: Use-after-free vulnerability in fs/block_dev.c allowed local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field (bnc#1179141).\n- CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).\n- CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c, where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971).\n- CVE-2020-15437: The Linux kernel was vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allowed local users to cause a denial of service by using the p-\u003eserial_in pointer which uninitialized (bnc#1179140).\n- CVE-2020-27777: Restrict RTAS requests from userspace (CVE-2020-27777 bsc#1179107).\n- CVE-2020-28974: A slab-out-of-bounds read in fbcon could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height (bnc#1178589).\n\nThe following non-security bugs were fixed:\n\n- ACPI: GED: fix -Wformat (git-fixes).\n- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n- ALSA: mixart: Fix mutex deadlock (git-fixes).\n- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n- Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).\n- Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).\n- Convert trailing spaces and periods in path components (bsc#1179424).\n- Drivers: hv: vmbus: Remove the unused \u0027tsc_page\u0027 from struct hv_context (git-fixes).\n- IB/cma: Fix ports memory leak in cma_configfs (bsc#1111666)\n- IB/core: Set qp-\u003ereal_qp before it may be accessed (bsc#1111666)\n- IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)\n- IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)\n- IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)\n- IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)\n- IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)\n- IB/hfi1: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n- IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)\n- IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)\n- IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)\n- IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)\n- IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)\n- IB/hfi1: Fix memory leaks in sysfs registration and unregistration (bsc#1111666)\n- IB/hfi1: Handle port down properly in pio (bsc#1111666)\n- IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)\n- IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666)\n- IB/hfi1: Remove unused define (bsc#1111666)\n- IB/hfi1: Silence txreq allocation warnings (bsc#1111666)\n- IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)\n- IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)\n- IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (bsc#1111666)\n- IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)\n- IB/ipoib: drop useless LIST_HEAD (bsc#1111666)\n- IB/iser: Fix dma_nents type definition (bsc#1111666)\n- IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)\n- IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)\n- IB/mlx4: Add and improve logging (bsc#1111666)\n- IB/mlx4: Add support for MRA (bsc#1111666)\n- IB/mlx4: Adjust delayed work when a dup is observed (bsc#1111666)\n- IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)\n- IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)\n- IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)\n- IB/mlx4: Fix starvation in paravirt mux/demux (bsc#1111666)\n- IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)\n- IB/mlx4: Remove unneeded NULL check (bsc#1111666)\n- IB/mlx4: Test return value of calls to ib_get_cached_pkey (bsc#1111666)\n- IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)\n- IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)\n- IB/mlx5: Do not override existing ip_protocol (bsc#1111666)\n- IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)\n- IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)\n- IB/mlx5: Fix implicit MR release flow (bsc#1111666)\n- IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)\n- IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)\n- IB/mlx5: Improve ODP debugging messages (bsc#1111666)\n- IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)\n- IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)\n- IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)\n- IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)\n- IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)\n- IB/mlx5: Use fragmented QP\u0027s buffer for in-kernel users (bsc#1111666)\n- IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)\n- IB/mthca: fix return value of error branch in mthca_init_cq() (bsc#1111666)\n- IB/qib: Call kobject_put() when kobject_init_and_add() fails (bsc#1111666)\n- IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)\n- IB/qib: Remove a set-but-not-used variable (bsc#1111666)\n- IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)\n- IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)\n- IB/rdmavt: Fix sizeof mismatch (bsc#1111666)\n- IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)\n- IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)\n- IB/rxe: Make counters thread safe (bsc#1111666)\n- IB/srpt: Fix memory leak in srpt_add_one (bsc#1111666)\n- IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)\n- IB/umad: Avoid destroying device while it is accessed (bsc#1111666)\n- IB/umad: Do not check status of nonseekable_open() (bsc#1111666)\n- IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)\n- IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)\n- IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)\n- IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)\n- IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)\n- IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666)\n- IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666)\n- KVM host: kabi fixes for psci_version (bsc#1174726).\n- KVM: arm64: Add missing #include of \u0026lt;linux/string.h\u003e in guest.c (bsc#1174726).\n- KVM: arm64: Factor out core register ID enumeration (bsc#1174726).\n- KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726).\n- KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726).\n- KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).\n- NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).\n- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n- PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).\n- RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)\n- RDMA/bnxt_re: Fix lifetimes in bnxt_re_task (bsc#1111666)\n- RDMA/bnxt_re: Fix sizeof mismatch for allocation of pbl_tbl. (bsc#1111666)\n- RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666)\n- RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (bsc#1111666)\n- RDMA/cm: Fix checking for allowed duplicate listens (bsc#1111666)\n- RDMA/cm: Remove a race freeing timewait_info (bsc#1111666)\n- RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow (bsc#1111666)\n- RDMA/cma: Fix false error message (bsc#1111666)\n- RDMA/cma: Protect bind_list and listen_list while finding matching cm id (bsc#1111666)\n- RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666)\n- RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)\n- RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)\n- RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)\n- RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)\n- RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)\n- RDMA/core: Fix race between destroy and release FD object (bsc#1111666)\n- RDMA/core: Fix race when resolving IP address (bsc#1111666)\n- RDMA/core: Prevent mixed use of FDs between shared ufiles (bsc#1111666)\n- RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)\n- RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)\n- RDMA/hns: Correct typo of hns_roce_create_cq() (bsc#1111666)\n- RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)\n- RDMA/hns: Set the unsupported wr opcode (bsc#1111666)\n- RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)\n- RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)\n- RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah() (bsc#1111666)\n- RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)\n- RDMA/ipoib: Return void from ipoib_ib_dev_stop() (bsc#1111666)\n- RDMA/ipoib: Set rtnl_link_ops for ipoib interfaces (bsc#1111666)\n- RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)\n- RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)\n- RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)\n- RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)\n- RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)\n- RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() (bsc#1111666)\n- RDMA/mlx4: Initialize ib_spec on the stack (bsc#1111666)\n- RDMA/mlx4: Read pkey table length instead of hardcoded value (bsc#1111666)\n- RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)\n- RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)\n- RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666)\n- RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)\n- RDMA/mlx5: Fix function name typo \u0027fileds\u0027 -\u003e \u0027fields\u0027 (bsc#1111666)\n- RDMA/mlx5: Return proper error value (bsc#1111666)\n- RDMA/mlx5: Set GRH fields in query QP on RoCE (bsc#1111666)\n- RDMA/mlx5: Verify that QP is created with RQ or SQ (bsc#1111666)\n- RDMA/nes: Remove second wait queue initialization call (bsc#1111666)\n- RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)\n- RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)\n- RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)\n- RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() (bsc#1111666)\n- RDMA/qedr: Endianness warnings cleanup (bsc#1111666)\n- RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532 (bsc#1050545).\n- RDMA/qedr: Fix doorbell setting (bsc#1111666)\n- RDMA/qedr: Fix memory leak in iWARP CM (bsc#1050545 ).\n- RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)\n- RDMA/qedr: Fix reported firmware version (bsc#1111666)\n- RDMA/qedr: Fix use of uninitialized field (bsc#1111666)\n- RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)\n- RDMA/qedr: SRQ\u0027s bug fixes (bsc#1111666)\n- RDMA/qib: Delete extra line (bsc#1111666)\n- RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)\n- RDMA/qib: Validate -\u003eshow()/store() callbacks before calling them (bsc#1111666)\n- RDMA/rxe: Drop pointless checks in rxe_init_ports (bsc#1111666)\n- RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)\n- RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)\n- RDMA/rxe: Fix memleak in rxe_mem_init_user (bsc#1111666)\n- RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)\n- RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)\n- RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars (bsc#1111666)\n- RDMA/rxe: Prevent access to wr-\u003enext ptr afrer wr is posted to send queue (bsc#1111666)\n- RDMA/rxe: Remove unused rxe_mem_map_pages (bsc#1111666)\n- RDMA/rxe: Remove useless rxe_init_device_param assignments (bsc#1111666)\n- RDMA/rxe: Return void from rxe_init_port_param() (bsc#1111666)\n- RDMA/rxe: Return void from rxe_mem_init_dma() (bsc#1111666)\n- RDMA/rxe: Set default vendor ID (bsc#1111666)\n- RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices (bsc#1111666)\n- RDMA/rxe: Skip dgid check in loopback mode (bsc#1111666)\n- RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)\n- RDMA/srp: Rework SCSI device reset handling (bsc#1111666)\n- RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (bsc#1111666)\n- RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)\n- RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666)\n- RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)\n- RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)\n- RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)\n- RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)\n- RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)\n- RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666)\n- Revert \u0027kernel/reboot.c: convert simple_strtoul to kstrtoint\u0027 (bsc#1179418).\n- SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1103992).\n- Staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).\n- USB: core: Fix regression in Hercules audio card (git-fixes).\n- Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).\n- arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).\n- arm64: KVM: Fix system register enumeration (bsc#1174726).\n- ath10k: Acquire tx_lock in tx error paths (git-fixes).\n- batman-adv: set .owner to THIS_MODULE (git-fixes).\n- bnxt_en: Fix race when modifying pause settings (bsc#1050242 ).\n- bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex (bsc#1050242).\n- btrfs: account ticket size at add/delete time (bsc#1178897).\n- btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).\n- btrfs: check rw_devices, not num_devices for balance (bsc#1178897).\n- btrfs: do not delete mismatched root refs (bsc#1178962).\n- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).\n- btrfs: fix force usage in inc_block_group_ro (bsc#1178897).\n- btrfs: fix invalid removal of root ref (bsc#1178962).\n- btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).\n- btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).\n- btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).\n- btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).\n- btrfs: split dev-replace locking helpers for read and write (bsc#1178897). Needed as a prep patch for further improvements around btrfs.\n- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n- can: m_can: fix nominal bitiming tseg2 min for version \u003e= 3.1 (git-fixes).\n- ceph: add check_session_state() helper and make it global (bsc#1179259).\n- ceph: check session state after bumping session-\u003es_seq (bsc#1179259).\n- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n- cifs: remove bogus debug code (bsc#1179427).\n- cxgb4: Fix offset when clearing filter byte counters (bsc#1064802 bsc#1066129).\n- docs: ABI: stable: remove a duplicated documentation (git-fixes).\n- drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n- drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes).\n- efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).\n- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n- efi/x86: Free efi_pgd with free_pages() (bsc#1112178).\n- efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n- efi: cper: Fix possible out-of-bounds access (git-fixes).\n- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n- efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n- efivarfs: revert \u0027fix memory leak in efivarfs_create()\u0027 (git-fixes).\n- fuse: fix page dereference after free (bsc#1179213).\n- hv_balloon: disable warning when floor reached (git-fixes).\n- i40iw: Fix error handling in i40iw_manage_arp_cache() (bsc#1111666)\n- i40iw: Report correct firmware version (bsc#1111666)\n- i40iw: fix null pointer dereference on a null wqe pointer (bsc#1111666)\n- igc: Fix returning wrong statistics (bsc#1118657).\n- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n- iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)\n- iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)\n- kABI workaround for usermodehelper changes (bsc#1179406).\n- kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- mac80211: always wind down STA state (git-fixes).\n- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n- mlxsw: core: Fix memory leak on module removal (bsc#1112374).\n- mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178).\n- net/tls: Fix kmap usage (bsc#1109837).\n- net/tls: missing received data after fast remote close (bsc#1109837).\n- net: DCB: Validate DCB_ATTR_DCB_BUFFER argument (bsc#1103990 ).\n- net: ena: fix packet\u0027s addresses for rx_offset feature (bsc#1174852).\n- net: ena: handle bad request id in ena_netdev (git-fixes).\n- net: qed: fix \u0027maybe uninitialized\u0027 warning (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n- net: qed: fix async event callbacks unregistering (bsc#1104393 bsc#1104389).\n- net: qede: fix PTP initialization on recovery (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n- net: qede: fix use-after-free on recovery and AER handling (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n- net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task() (bsc#1110096).\n- net_sched: fix a memory leak in atm_tc_init() (bsc#1056657 bsc#1056653 bsc#1056787).\n- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n- nfp: use correct define to return NONE fec (bsc#1109837).\n- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n- pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n- powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).\n- powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- qed: fix error return code in qed_iwarp_ll2_start() (bsc#1050536 bsc#1050545).\n- qed: suppress \u0027do not support RoCE \u0026 iWARP\u0027 flooding on HW init (bsc#1050536 bsc#1050545).\n- qed: suppress false-positives interrupt error messages on HW init (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).\n- reboot: fix overflow parsing reboot cpu number (bsc#1179421).\n- rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)\n- rxe: fix error completion wr_id and qp_num (bsc#1111666)\n- s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737).\n- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937).\n- s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).\n- s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).\n- sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).\n- sched/x86: SaveFLAGS on context switch (bsc#1112178).\n- scripts/git_sort/git_sort.py: add ceph maintainers git tree\n- scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)\n- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n- svcrdma: Fix page leak in svc_rdma_recv_read_chunk() (bsc#1103992).\n- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (bsc#1103992).\n- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (bsc#1109837).\n- tracing: Fix out of bounds write in get_trace_buf (bsc#1179403).\n- tty: serial: imx: keep console clocks always on (git-fixes).\n- usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n- usb: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n- usb: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n- usb: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).\n- usermodehelper: reset umask to default before executing user process (bsc#1179406).\n- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n- x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).\n- x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes).\n- x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).\n- x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n- x86/hyperv: Make vapic support x2apic mode (git-fixes).\n- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).\n- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).\n- x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).\n- xfrm: Fix memleak on xfrm state destroy (bsc#1158775).\n- xfs: revert \u0027xfs: fix rmap key and record comparison functions\u0027 (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-2193",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2193-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:2193-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4YRSQJNKLIOJJTD3P2UKMHRFMCIG3JDN/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:2193-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4YRSQJNKLIOJJTD3P2UKMHRFMCIG3JDN/"
},
{
"category": "self",
"summary": "SUSE Bug 1050242",
"url": "https://bugzilla.suse.com/1050242"
},
{
"category": "self",
"summary": "SUSE Bug 1050536",
"url": "https://bugzilla.suse.com/1050536"
},
{
"category": "self",
"summary": "SUSE Bug 1050545",
"url": "https://bugzilla.suse.com/1050545"
},
{
"category": "self",
"summary": "SUSE Bug 1056653",
"url": "https://bugzilla.suse.com/1056653"
},
{
"category": "self",
"summary": "SUSE Bug 1056657",
"url": "https://bugzilla.suse.com/1056657"
},
{
"category": "self",
"summary": "SUSE Bug 1056787",
"url": "https://bugzilla.suse.com/1056787"
},
{
"category": "self",
"summary": "SUSE Bug 1064802",
"url": "https://bugzilla.suse.com/1064802"
},
{
"category": "self",
"summary": "SUSE Bug 1066129",
"url": "https://bugzilla.suse.com/1066129"
},
{
"category": "self",
"summary": "SUSE Bug 1103990",
"url": "https://bugzilla.suse.com/1103990"
},
{
"category": "self",
"summary": "SUSE Bug 1103992",
"url": "https://bugzilla.suse.com/1103992"
},
{
"category": "self",
"summary": "SUSE Bug 1104389",
"url": "https://bugzilla.suse.com/1104389"
},
{
"category": "self",
"summary": "SUSE Bug 1104393",
"url": "https://bugzilla.suse.com/1104393"
},
{
"category": "self",
"summary": "SUSE Bug 1109837",
"url": "https://bugzilla.suse.com/1109837"
},
{
"category": "self",
"summary": "SUSE Bug 1110096",
"url": "https://bugzilla.suse.com/1110096"
},
{
"category": "self",
"summary": "SUSE Bug 1111666",
"url": "https://bugzilla.suse.com/1111666"
},
{
"category": "self",
"summary": "SUSE Bug 1112178",
"url": "https://bugzilla.suse.com/1112178"
},
{
"category": "self",
"summary": "SUSE Bug 1112374",
"url": "https://bugzilla.suse.com/1112374"
},
{
"category": "self",
"summary": "SUSE Bug 1118657",
"url": "https://bugzilla.suse.com/1118657"
},
{
"category": "self",
"summary": "SUSE Bug 1122971",
"url": "https://bugzilla.suse.com/1122971"
},
{
"category": "self",
"summary": "SUSE Bug 1136460",
"url": "https://bugzilla.suse.com/1136460"
},
{
"category": "self",
"summary": "SUSE Bug 1136461",
"url": "https://bugzilla.suse.com/1136461"
},
{
"category": "self",
"summary": "SUSE Bug 1158775",
"url": "https://bugzilla.suse.com/1158775"
},
{
"category": "self",
"summary": "SUSE Bug 1170139",
"url": "https://bugzilla.suse.com/1170139"
},
{
"category": "self",
"summary": "SUSE Bug 1172542",
"url": "https://bugzilla.suse.com/1172542"
},
{
"category": "self",
"summary": "SUSE Bug 1174726",
"url": "https://bugzilla.suse.com/1174726"
},
{
"category": "self",
"summary": "SUSE Bug 1174852",
"url": "https://bugzilla.suse.com/1174852"
},
{
"category": "self",
"summary": "SUSE Bug 1175916",
"url": "https://bugzilla.suse.com/1175916"
},
{
"category": "self",
"summary": "SUSE Bug 1176109",
"url": "https://bugzilla.suse.com/1176109"
},
{
"category": "self",
"summary": "SUSE Bug 1177304",
"url": "https://bugzilla.suse.com/1177304"
},
{
"category": "self",
"summary": "SUSE Bug 1177666",
"url": "https://bugzilla.suse.com/1177666"
},
{
"category": "self",
"summary": "SUSE Bug 1177805",
"url": "https://bugzilla.suse.com/1177805"
},
{
"category": "self",
"summary": "SUSE Bug 1177808",
"url": "https://bugzilla.suse.com/1177808"
},
{
"category": "self",
"summary": "SUSE Bug 1178589",
"url": "https://bugzilla.suse.com/1178589"
},
{
"category": "self",
"summary": "SUSE Bug 1178635",
"url": "https://bugzilla.suse.com/1178635"
},
{
"category": "self",
"summary": "SUSE Bug 1178669",
"url": "https://bugzilla.suse.com/1178669"
},
{
"category": "self",
"summary": "SUSE Bug 1178897",
"url": "https://bugzilla.suse.com/1178897"
},
{
"category": "self",
"summary": "SUSE Bug 1178940",
"url": "https://bugzilla.suse.com/1178940"
},
{
"category": "self",
"summary": "SUSE Bug 1178962",
"url": "https://bugzilla.suse.com/1178962"
},
{
"category": "self",
"summary": "SUSE Bug 1179107",
"url": "https://bugzilla.suse.com/1179107"
},
{
"category": "self",
"summary": "SUSE Bug 1179140",
"url": "https://bugzilla.suse.com/1179140"
},
{
"category": "self",
"summary": "SUSE Bug 1179141",
"url": "https://bugzilla.suse.com/1179141"
},
{
"category": "self",
"summary": "SUSE Bug 1179211",
"url": "https://bugzilla.suse.com/1179211"
},
{
"category": "self",
"summary": "SUSE Bug 1179213",
"url": "https://bugzilla.suse.com/1179213"
},
{
"category": "self",
"summary": "SUSE Bug 1179259",
"url": "https://bugzilla.suse.com/1179259"
},
{
"category": "self",
"summary": "SUSE Bug 1179403",
"url": "https://bugzilla.suse.com/1179403"
},
{
"category": "self",
"summary": "SUSE Bug 1179406",
"url": "https://bugzilla.suse.com/1179406"
},
{
"category": "self",
"summary": "SUSE Bug 1179418",
"url": "https://bugzilla.suse.com/1179418"
},
{
"category": "self",
"summary": "SUSE Bug 1179421",
"url": "https://bugzilla.suse.com/1179421"
},
{
"category": "self",
"summary": "SUSE Bug 1179424",
"url": "https://bugzilla.suse.com/1179424"
},
{
"category": "self",
"summary": "SUSE Bug 1179426",
"url": "https://bugzilla.suse.com/1179426"
},
{
"category": "self",
"summary": "SUSE Bug 1179427",
"url": "https://bugzilla.suse.com/1179427"
},
{
"category": "self",
"summary": "SUSE Bug 1179429",
"url": "https://bugzilla.suse.com/1179429"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20669 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15436 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15437 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27777 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27777/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28974 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29371 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-4788 page",
"url": "https://www.suse.com/security/cve/CVE-2020-4788/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2020-12-07T11:06:42Z",
"generator": {
"date": "2020-12-07T11:06:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:2193-1",
"initial_release_date": "2020-12-07T11:06:42Z",
"revision_history": [
{
"date": "2020-12-07T11:06:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-devel-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-devel-4.12.14-lp151.28.87.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-docs-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-docs-4.12.14-lp151.28.87.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-docs-html-4.12.14-lp151.28.87.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-macros-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-macros-4.12.14-lp151.28.87.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-source-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-source-4.12.14-lp151.28.87.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"product": {
"name": "kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"product_id": "kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-debug-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-debug-base-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-default-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-default-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-default-base-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-default-devel-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-obs-build-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"product": {
"name": "kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"product_id": "kernel-syms-4.12.14-lp151.28.87.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-vanilla-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64",
"product_id": "kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-base-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-default-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-docs-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-html-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-source-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch"
},
"product_reference": "kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-lp151.28.87.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
},
"product_reference": "kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-20669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20669"
}
],
"notes": [
{
"category": "general",
"text": "An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20669",
"url": "https://www.suse.com/security/cve/CVE-2018-20669"
},
{
"category": "external",
"summary": "SUSE Bug 1122971 for CVE-2018-20669",
"url": "https://bugzilla.suse.com/1122971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "important"
}
],
"title": "CVE-2018-20669"
},
{
"cve": "CVE-2020-15436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15436"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15436",
"url": "https://www.suse.com/security/cve/CVE-2020-15436"
},
{
"category": "external",
"summary": "SUSE Bug 1179141 for CVE-2020-15436",
"url": "https://bugzilla.suse.com/1179141"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-15436"
},
{
"cve": "CVE-2020-15437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15437"
}
],
"notes": [
{
"category": "general",
"text": "The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p-\u003eserial_in pointer which uninitialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15437",
"url": "https://www.suse.com/security/cve/CVE-2020-15437"
},
{
"category": "external",
"summary": "SUSE Bug 1179140 for CVE-2020-15437",
"url": "https://bugzilla.suse.com/1179140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-15437"
},
{
"cve": "CVE-2020-27777",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27777"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27777",
"url": "https://www.suse.com/security/cve/CVE-2020-27777"
},
{
"category": "external",
"summary": "SUSE Bug 1179107 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1179107"
},
{
"category": "external",
"summary": "SUSE Bug 1179419 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1179419"
},
{
"category": "external",
"summary": "SUSE Bug 1200343 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1200343"
},
{
"category": "external",
"summary": "SUSE Bug 1220060 for CVE-2020-27777",
"url": "https://bugzilla.suse.com/1220060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-27777"
},
{
"cve": "CVE-2020-28974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28974"
}
],
"notes": [
{
"category": "general",
"text": "A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28974",
"url": "https://www.suse.com/security/cve/CVE-2020-28974"
},
{
"category": "external",
"summary": "SUSE Bug 1178589 for CVE-2020-28974",
"url": "https://bugzilla.suse.com/1178589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-28974"
},
{
"cve": "CVE-2020-29371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29371"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29371",
"url": "https://www.suse.com/security/cve/CVE-2020-29371"
},
{
"category": "external",
"summary": "SUSE Bug 1179429 for CVE-2020-29371",
"url": "https://bugzilla.suse.com/1179429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "low"
}
],
"title": "CVE-2020-29371"
},
{
"cve": "CVE-2020-4788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-4788"
}
],
"notes": [
{
"category": "general",
"text": "IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-4788",
"url": "https://www.suse.com/security/cve/CVE-2020-4788"
},
{
"category": "external",
"summary": "SUSE Bug 1177666 for CVE-2020-4788",
"url": "https://bugzilla.suse.com/1177666"
},
{
"category": "external",
"summary": "SUSE Bug 1181158 for CVE-2020-4788",
"url": "https://bugzilla.suse.com/1181158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:kernel-debug-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-debug-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-default-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-devel-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-docs-html-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-kvmsmall-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-kvmsmall-devel-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-macros-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-obs-build-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-obs-qa-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-source-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-source-vanilla-4.12.14-lp151.28.87.1.noarch",
"openSUSE Leap 15.1:kernel-syms-4.12.14-lp151.28.87.1.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-base-4.12.14-lp151.28.87.2.x86_64",
"openSUSE Leap 15.1:kernel-vanilla-devel-4.12.14-lp151.28.87.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-07T11:06:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-4788"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…