Vulnerability from csaf_suse
Published
2020-11-14 08:18
Modified
2020-11-14 08:18
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 kernel Azure was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).
- CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).
- CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).
- CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).
- CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).
- CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724).
- CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).
- CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381).
- CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).
- CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)
- CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410).
- CVE-2020-25705: A ICMP global rate limiting side-channel was removed which could lead to e.g. the SADDNS attack (bsc#1175721)
The following non-security bugs were fixed:
- ACPI: dock: fix enum-conversion warning (git-fixes).
- ALSA: bebob: potential info leak in hwdep_read() (git-fixes).
- ALSA: compress_offload: remove redundant initialization (git-fixes).
- ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).
- ALSA: core: pcm: simplify locking for timers (git-fixes).
- ALSA: core: timer: clarify operator precedence (git-fixes).
- ALSA: core: timer: remove redundant assignment (git-fixes).
- ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes).
- ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).
- ALSA: hda - Do not register a cb func if it is registered already (git-fixes).
- ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes).
- ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes).
- ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes).
- ALSA: hda: use semicolons rather than commas to separate statements (git-fixes).
- ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).
- ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).
- ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).
- ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).
- ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).
- ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes).
- amd-xgbe: Add a check for an skb in the timestamp path (git-fixes).
- amd-xgbe: Add additional dynamic debug messages (git-fixes).
- amd-xgbe: Add additional ethtool statistics (git-fixes).
- amd-xgbe: Add ethtool show/set channels support (git-fixes).
- amd-xgbe: Add ethtool show/set ring parameter support (git-fixes).
- amd-xgbe: Add ethtool support to retrieve SFP module info (git-fixes).
- amd-xgbe: Add hardware features debug output (git-fixes).
- amd-xgbe: Add NUMA affinity support for IRQ hints (git-fixes).
- amd-xgbe: Add NUMA affinity support for memory allocations (git-fixes).
- amd-xgbe: Add per queue Tx and Rx statistics (git-fixes).
- amd-xgbe: Advertise FEC support with the KR re-driver (git-fixes).
- amd-xgbe: Always attempt link training in KR mode (git-fixes).
- amd-xgbe: Be sure driver shuts down cleanly on module removal (git-fixes).
- amd-xgbe: Convert to generic power management (git-fixes).
- amd-xgbe: Fix debug output of max channel counts (git-fixes).
- amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes).
- amd-xgbe: Fixes for working with PHYs that support 2.5GbE (git-fixes).
- amd-xgbe: Fix SFP PHY supported/advertised settings (git-fixes).
- amd-xgbe: fix spelling mistake: 'avialable' -> 'available' (git-fixes).
- amd-xgbe: Handle return code from software reset function (git-fixes).
- amd-xgbe: Improve SFP 100Mbps auto-negotiation (git-fixes).
- amd-xgbe: Interrupt summary bits are h/w version dependent (git-fixes).
- amd-xgbe: Limit the I2C error messages that are output (git-fixes).
- amd-xgbe: Mark expected switch fall-throughs (git-fixes).
- amd-xgbe: Optimize DMA channel interrupt enablement (git-fixes).
- amd-xgbe: Prepare for ethtool set-channel support (git-fixes).
- amd-xgbe: Read and save the port property registers during probe (git-fixes).
- amd-xgbe: Remove field that indicates SFP diagnostic support (git-fixes).
- amd-xgbe: remove unnecessary conversion to bool (git-fixes).
- amd-xgbe: Remove use of comm_owned field (git-fixes).
- amd-xgbe: Set the MDIO mode for 10000Base-T configuration (git-fixes).
- amd-xgbe: Simplify the burst length settings (git-fixes).
- amd-xgbe: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- amd-xgbe: use dma_mapping_error to check map errors (git-fixes).
- amd-xgbe: Use __napi_schedule() in BH context (git-fixes).
- amd-xgbe: Use the proper register during PTP initialization (git-fixes).
- ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).
- ASoC: qcom: lpass-platform: fix memory leak (git-fixes).
- ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes).
- ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes).
- ath10k: provide survey info as accumulated data (git-fixes).
- ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes).
- ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes).
- ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes).
- backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes).
- blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750).
- block: ensure bdi->io_pages is always initialized (bsc#1177749).
- Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).
- Bluetooth: Only mark socket zapped after unlocking (git-fixes).
- bnxt: do not enable NAPI until rings are ready (networking-stable-20_09_11).
- bnxt_en: Check for zero dir entries in NVRAM (networking-stable-20_09_11).
- brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).
- brcmfmac: check ndev pointer (git-fixes).
- brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).
- btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687).
- btrfs: do not force read-only after error in drop snapshot (bsc#1176354).
- btrfs: do not set the full sync flag on the inode during page release (bsc#1177687).
- btrfs: fix incorrect updating of log root tree (bsc#1177687).
- btrfs: fix race between page release and a fast fsync (bsc#1177687).
- btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687).
- btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687).
- btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856).
- btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).
- btrfs: reduce contention on log trees when logging checksums (bsc#1177687).
- btrfs: release old extent maps during page release (bsc#1177687).
- btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687).
- btrfs: remove root usage from can_overcommit (bsc#1131277).
- btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687).
- btrfs: take overcommit into account in inc_block_group_ro (bsc#1176560).
- btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861).
- can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes).
- can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes).
- can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes).
- ceph: fix memory leak in ceph_cleanup_snapid_map() (bsc#1178234).
- ceph: map snapid to anonymous bdev ID (bsc#1178234).
- ceph: promote to unsigned long long before shifting (bsc#1178187).
- clk: at91: remove the checking of parent_name (git-fixes).
- clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes).
- clk: imx8mq: Fix usdhc parents order (git-fixes).
- coredump: fix crash when umh is disabled (bsc#1177753).
- crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes).
- crypto: ccp - fix error handling (git-fixes).
- crypto: dh - check validity of Z before export (bsc#1175716).
- crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175716).
- crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175716).
- crypto: ecdh - check validity of Z before export (bsc#1175716).
- crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes).
- crypto: omap-sham - fix digcnt register handling with export/import (git-fixes).
- cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).
- cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes).
- device property: Do not clear secondary pointer for shared primary firmware node (git-fixes).
- device property: Keep secondary firmware node secondary by type (git-fixes).
- Disable CONFIG_LIVEPATCH_IPA_CLONES where not needed Explicitly disable CONFIG_LIVEPATCH_IPA_CLONES in configs where it is not needed to avoid confusion and unwanted values due to fragment config files.
- Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not really useful for KMP, and rather confusing, so let's disable it at building out-of-tree codes
- dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).
- drivers: net: add missing interrupt.h include (git-fixes).
- drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (git-fixes).
- drm/amdgpu: prevent double kfree ttm->sg (git-fixes).
- drm/gma500: fix error check (git-fixes).
- drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (git-fixes).
- drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes).
- drm/sun4i: mixer: Extend regmap max_register (git-fixes).
- ea43d9709f72 ('nvme: fix identify error status silent ignore')
- EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1112178).
- eeprom: at25: set minimum read/write access stride to 1 (git-fixes).
- ext4: fix dir_nlink behaviour (bsc#1177359).
- gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24).
- gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11).
- HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes).
- HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes).
- i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).
- i2c: meson: fix clock setting overwrite (git-fixes).
- ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).
- ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).
- ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).
- ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes).
- icmp: randomize the global rate limiter (git-fixes).
- iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes).
- iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes).
- iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).
- iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).
- iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).
- iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes).
- iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes).
- iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes).
- ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes).
- include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes (mm/swap)).
- Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes).
- Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (git-fixes).
- Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes).
- Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes).
- Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).
- Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes).
- iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).
- iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).
- ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24).
- iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).
- kbuild: enforce -Werror=return-type (bsc#1177281).
- leds: mt6323: move period calculation (git-fixes).
- libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178188).
- lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).
- lib/mpi: Add mpi_sub_ui() (bsc#1175716).
- mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes).
- mac80211: handle lack of sband->bitrates in rates (git-fixes).
- macsec: avoid use-after-free in macsec_handle_frame() (git-fixes).
- mailbox: avoid timer start from callback (git-fixes).
- media: ati_remote: sanity check for both endpoints (git-fixes).
- media: bdisp: Fix runtime PM imbalance on error (git-fixes).
- media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes).
- media: exynos4-is: Fix a reference count leak (git-fixes).
- media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes).
- media: firewire: fix memory leak (git-fixes).
- media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes).
- media: media/pci: prevent memory leak in bttv_probe (git-fixes).
- media: omap3isp: Fix memleak in isp_probe (git-fixes).
- media: platform: fcp: Fix a reference count leak (git-fixes).
- media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).
- media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).
- media: Revert 'media: exynos4-is: Add missed check for pinctrl_lookup_state()' (git-fixes).
- media: s5p-mfc: Fix a reference count leak (git-fixes).
- media: saa7134: avoid a shift overflow (git-fixes).
- media: st-delta: Fix reference count leak in delta_run_work (git-fixes).
- media: sti: Fix reference count leaks (git-fixes).
- media: tc358743: initialize variable (git-fixes).
- media: ti-vpe: Fix a missing check and reference count leak (git-fixes).
- media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes).
- media: usbtv: Fix refcounting mixup (git-fixes).
- media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).
- media: vsp1: Fix runtime PM imbalance on error (git-fixes).
- memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes).
- memory: omap-gpmc: Fix a couple off by ones (git-fixes).
- mfd: sm501: Fix leaks in probe() (git-fixes).
- mic: vop: copy data to kernel space then write to io memory (git-fixes).
- misc: mic: scif: Fix error handling path (git-fixes).
- misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).
- misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes).
- mlx5 PPC ringsize workaround (bsc#1173432).
- mlx5: remove support for ib_get_vector_affinity (bsc#1174748).
- mmc: core: do not set limits.discard_granularity as 0 (git-fixes).
- mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
- mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).
- mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).
- mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)).
- mm/ksm.c: do not WARN if page is still mapped in remove_stable_node() (git-fixes (mm/hugetlb)).
- mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685).
- mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)).
- mm/mempolicy.c: use match_string() helper to simplify the code (git-fixes (mm/mempolicy)).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (git-fixes (mm/numa)).
- mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages (git-fixes (mm/debug)).
- mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)).
- mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)).
- mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide (git-fixes (mm/writeback)).
- mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).
- mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes (mm/zsmalloc)).
- mm/zsmalloc.c: fix race condition in zs_destroy_pool (git-fixes (mm/zsmalloc)).
- mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)).
- mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely (git-fixes (mm/zsmalloc)).
- Move the upstreamed bluetooth fix into sorted section
- mtd: lpddr: fix excessive stack usage with clang (git-fixes).
- mtd: mtdoops: Do not write panic data twice (git-fixes).
- mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).
- mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).
- mwifiex: fix double free (git-fixes).
- mwifiex: remove function pointer check (git-fixes).
- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).
- net: 8390: Fix manufacturer name in Kconfig help text (git-fixes).
- net: amd: fix return type of ndo_start_xmit function (git-fixes).
- net/amd: Remove useless driver version (git-fixes).
- net: amd-xgbe: fix comparison to bitshift when dealing with a mask (git-fixes).
- net: amd-xgbe: Get rid of custom hex_dump_to_buffer() (git-fixes).
- net: apple: Fix manufacturer name in Kconfig help text (git-fixes).
- net: broadcom: Fix manufacturer name in Kconfig help text (git-fixes).
- net: disable netpoll on fresh napis (networking-stable-20_09_11).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24).
- net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).
- net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24).
- netlabel: fix problems with mapping removal (networking-stable-20_09_11).
- net/mlx5e: Take common TIR context settings into a function (bsc#1177740).
- net/mlx5e: Turn on HW tunnel offload in all TIRs (bsc#1177740).
- net: mvmdio: defer probe of orion-mdio if a clock is not ready (git-fixes).
- net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24).
- net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24).
- net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11).
- net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx (git-fixes).
- net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11).
- net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).
- net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes).
- net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes).
- nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes).
- NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340).
- NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340).
- NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624).
- nl80211: fix non-split wiphy information (git-fixes).
- NTB: hw: amd: fix an issue about leak system resources (git-fixes).
- nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). add two previous futile attempts to fix the bug to blacklist.conf
- nvme: do not update disk info for multipathed device (bsc#1171558).
- nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748).
- nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748).
- nvme: fix possible io failures when removing multipathed ns (bsc#1174748).
- nvme: make nvme_identify_ns propagate errors back (bsc#1174748).
- nvme: make nvme_report_ns_ids propagate error back (bsc#1174748).
- nvme-multipath: do not reset on unknown status (bsc#1174748).
- nvme: Namepace identification descriptor list is optional (bsc#1174748).
- nvme: pass status to nvme_error_status (bsc#1174748).
- nvme-rdma: Avoid double freeing of async event data (bsc#1174748).
- nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).
- nvme-rdma: fix crash when connect rejected (bsc#1174748).
- nvme: return error from nvme_alloc_ns() (bsc#1174748).
- perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1114648).
- perf/x86: Fix n_pair for cancelled txn (bsc#1114648).
- platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes).
- platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).
- platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes).
- platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes).
- powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729).
- powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729).
- powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).
- powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729).
- powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).
- powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).
- powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).
- powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729).
- powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes).
- powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729).
- pty: do tty_flip_buffer_push without port->lock in pty_write (git-fixes).
- pwm: lpss: Add range limit check for the base_unit register value (git-fixes).
- pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes).
- ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes).
- rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)
- rtl8xxxu: prevent potential memory leak (git-fixes).
- scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675).
- scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683).
- scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683).
- scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683).
- scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683).
- scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683).
- scsi: hisi_sas: Do some more tidy-up (bsc#1140683).
- scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683).
- scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh:
- scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update:
- scsi: hisi_sas: Some misc tidy-up (bsc#1140683).
- scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).
- scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226).
- scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258).
- scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538).
- scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538).
- sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11).
- spi: fsl-espi: Only process interrupts for expected events (git-fixes).
- target-rbd-fix-unmap-discard-block-size-conversion.patch: (bsc#1177271).
- target-use-scsi_set_sense_information-helper-on-misc.patch: (bsc#1177719).
- tg3: Fix soft lockup when tg3_reset_task() fails (networking-stable-20_09_11).
- tipc: fix memory leak caused by tipc_buf_append() (git-fixes).
- tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11).
- tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24).
- tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).
- tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24).
- tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24).
- tty: ipwireless: fix error handling (git-fixes).
- tty: serial: earlycon dependency (git-fixes).
- tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).
- USB: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).
- USB: cdc-acm: handle broken union descriptors (git-fixes).
- USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes).
- USB: core: Solve race condition in anchor cleanup functions (git-fixes).
- USB: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).
- USB: dwc2: Fix parameter type in function pointer prototype (git-fixes).
- USB: dwc3: core: add phy cleanup for probe error handling (git-fixes).
- USB: dwc3: core: do not trigger runtime pm when remove driver (git-fixes).
- USB: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).
- USB: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes).
- USB: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes).
- USB: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes).
- USB: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes).
- USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).
- USB: ohci: Default to per-port over-current protection (git-fixes).
- USB: serial: qcserial: fix altsetting probing (git-fixes).
- vfs: fix FIGETBSZ ioctl on an overlayfs file (bsc#1178202).
- video: fbdev: sis: fix null ptr dereference (git-fixes).
- video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes).
- VMCI: check return value of get_user_pages_fast() for errors (git-fixes).
- vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).
- w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes).
- watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).
- watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101).
- wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes).
- writeback: Avoid skipping inode writeback (bsc#1177755).
- writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755).
- writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755).
- x86/apic: Unify duplicated local apic timer clockevent initialization (bsc#1112178).
- x86, fakenuma: Fix invalid starting node ID (git-fixes (mm/x86/fakenuma)).
- x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1112178).
- x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713).
- xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).
- xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).
- xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).
- xen/events: block rogue events for some time (XSA-332 bsc#1177411).
- xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).
- xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).
- xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).
- xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).
- xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).
- xen/gntdev.c: Mark pages as dirty (bsc#1065600).
- xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).
- xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600).
- xfs: avoid infinite loop when cancelling CoW blocks after writeback failure (bsc#1178027).
- xfs: limit entries returned when counting fsmap records (git-fixes).
- xgbe: no need to check return value of debugfs_create functions (git-fixes).
- xgbe: switch to more generic VxLAN detection (git-fixes).
Patchnames
SUSE-2020-3281,SUSE-SLE-SERVER-12-SP5-2020-3281
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "The SUSE Linux Enterprise 12 SP5 kernel Azure was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-25656: Fixed a concurrency use-after-free in vt_do_kdgkb_ioctl (bnc#1177766).\n- CVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).\n- CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bnc#1176723).\n- CVE-2020-14351: Fixed a race in the perf_mmap_close() function (bsc#1177086).\n- CVE-2020-16120: Fixed a permissions issue in ovl_path_open() (bsc#1177470).\n- CVE-2020-12351: Implemented a kABI workaround for bluetooth l2cap_ops filter addition (bsc#1177724).\n- CVE-2020-12352: Fixed an information leak when processing certain AMP packets aka 'BleedingTooth' (bsc#1177725).\n- CVE-2020-25212: Fixed a TOCTOU mismatch in the NFS client code (bnc#1176381).\n- CVE-2020-25645: Fixed an an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177511).\n- CVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)\n- CVE-2020-27675: Fixed a race condition in event handler which may crash dom0 (XSA-331 bsc#1177410).\n- CVE-2020-25705: A ICMP global rate limiting side-channel was removed which could lead to e.g. the SADDNS attack (bsc#1175721)\n\nThe following non-security bugs were fixed:\n\n- ACPI: dock: fix enum-conversion warning (git-fixes).\n- ALSA: bebob: potential info leak in hwdep_read() (git-fixes).\n- ALSA: compress_offload: remove redundant initialization (git-fixes).\n- ALSA: core: init: use DECLARE_COMPLETION_ONSTACK() macro (git-fixes).\n- ALSA: core: pcm: simplify locking for timers (git-fixes).\n- ALSA: core: timer: clarify operator precedence (git-fixes).\n- ALSA: core: timer: remove redundant assignment (git-fixes).\n- ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock (git-fixes).\n- ALSA: hda: auto_parser: remove shadowed variable declaration (git-fixes).\n- ALSA: hda - Do not register a cb func if it is registered already (git-fixes).\n- ALSA: hda/realtek - Add mute Led support for HP Elitebook 845 G7 (git-fixes).\n- ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887 (git-fixes).\n- ALSA: hda/realtek - The front Mic on a HP machine does not work (git-fixes).\n- ALSA: hda: use semicolons rather than commas to separate statements (git-fixes).\n- ALSA: mixart: Correct comment wrt obsoleted tasklet usage (git-fixes).\n- ALSA: rawmidi: (cosmetic) align function parameters (git-fixes).\n- ALSA: seq: oss: Avoid mutex lock for a long-time ioctl (git-fixes).\n- ALSA: usb-audio: Add mixer support for Pioneer DJ DJM-250MK2 (git-fixes).\n- ALSA: usb-audio: endpoint.c: fix repeated word 'there' (git-fixes).\n- ALSA: usb-audio: fix spelling mistake 'Frequence' -> 'Frequency' (git-fixes).\n- amd-xgbe: Add a check for an skb in the timestamp path (git-fixes).\n- amd-xgbe: Add additional dynamic debug messages (git-fixes).\n- amd-xgbe: Add additional ethtool statistics (git-fixes).\n- amd-xgbe: Add ethtool show/set channels support (git-fixes).\n- amd-xgbe: Add ethtool show/set ring parameter support (git-fixes).\n- amd-xgbe: Add ethtool support to retrieve SFP module info (git-fixes).\n- amd-xgbe: Add hardware features debug output (git-fixes).\n- amd-xgbe: Add NUMA affinity support for IRQ hints (git-fixes).\n- amd-xgbe: Add NUMA affinity support for memory allocations (git-fixes).\n- amd-xgbe: Add per queue Tx and Rx statistics (git-fixes).\n- amd-xgbe: Advertise FEC support with the KR re-driver (git-fixes).\n- amd-xgbe: Always attempt link training in KR mode (git-fixes).\n- amd-xgbe: Be sure driver shuts down cleanly on module removal (git-fixes).\n- amd-xgbe: Convert to generic power management (git-fixes).\n- amd-xgbe: Fix debug output of max channel counts (git-fixes).\n- amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes).\n- amd-xgbe: Fixes for working with PHYs that support 2.5GbE (git-fixes).\n- amd-xgbe: Fix SFP PHY supported/advertised settings (git-fixes).\n- amd-xgbe: fix spelling mistake: 'avialable' -> 'available' (git-fixes).\n- amd-xgbe: Handle return code from software reset function (git-fixes).\n- amd-xgbe: Improve SFP 100Mbps auto-negotiation (git-fixes).\n- amd-xgbe: Interrupt summary bits are h/w version dependent (git-fixes).\n- amd-xgbe: Limit the I2C error messages that are output (git-fixes).\n- amd-xgbe: Mark expected switch fall-throughs (git-fixes).\n- amd-xgbe: Optimize DMA channel interrupt enablement (git-fixes).\n- amd-xgbe: Prepare for ethtool set-channel support (git-fixes).\n- amd-xgbe: Read and save the port property registers during probe (git-fixes).\n- amd-xgbe: Remove field that indicates SFP diagnostic support (git-fixes).\n- amd-xgbe: remove unnecessary conversion to bool (git-fixes).\n- amd-xgbe: Remove use of comm_owned field (git-fixes).\n- amd-xgbe: Set the MDIO mode for 10000Base-T configuration (git-fixes).\n- amd-xgbe: Simplify the burst length settings (git-fixes).\n- amd-xgbe: use devm_platform_ioremap_resource() to simplify code (git-fixes).\n- amd-xgbe: use dma_mapping_error to check map errors (git-fixes).\n- amd-xgbe: Use __napi_schedule() in BH context (git-fixes).\n- amd-xgbe: Use the proper register during PTP initialization (git-fixes).\n- ASoC: qcom: lpass-cpu: fix concurrency issue (git-fixes).\n- ASoC: qcom: lpass-platform: fix memory leak (git-fixes).\n- ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() (git-fixes).\n- ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path (git-fixes).\n- ath10k: provide survey info as accumulated data (git-fixes).\n- ath6kl: prevent potential array overflow in ath6kl_add_new_sta() (git-fixes).\n- ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() (git-fixes).\n- ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() (git-fixes).\n- backlight: sky81452-backlight: Fix refcount imbalance on error (git-fixes).\n- blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART (bsc#1177750).\n- block: ensure bdi->io_pages is always initialized (bsc#1177749).\n- Bluetooth: MGMT: Fix not checking if BT_HS is enabled (git-fixes).\n- Bluetooth: Only mark socket zapped after unlocking (git-fixes).\n- bnxt: do not enable NAPI until rings are ready (networking-stable-20_09_11).\n- bnxt_en: Check for zero dir entries in NVRAM (networking-stable-20_09_11).\n- brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach (git-fixes).\n- brcmfmac: check ndev pointer (git-fixes).\n- brcmsmac: fix memory leak in wlc_phy_attach_lcnphy (git-fixes).\n- btrfs: check the right error variable in btrfs_del_dir_entries_in_log (bsc#1177687).\n- btrfs: do not force read-only after error in drop snapshot (bsc#1176354).\n- btrfs: do not set the full sync flag on the inode during page release (bsc#1177687).\n- btrfs: fix incorrect updating of log root tree (bsc#1177687).\n- btrfs: fix race between page release and a fast fsync (bsc#1177687).\n- btrfs: only commit delayed items at fsync if we are logging a directory (bsc#1177687).\n- btrfs: only commit the delayed inode when doing a full fsync (bsc#1177687).\n- btrfs: qgroup: fix qgroup meta rsv leak for subvolume operations (bsc#1177856).\n- btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode (bsc#1177855).\n- btrfs: reduce contention on log trees when logging checksums (bsc#1177687).\n- btrfs: release old extent maps during page release (bsc#1177687).\n- btrfs: remove no longer needed use of log_writers for the log root tree (bsc#1177687).\n- btrfs: remove root usage from can_overcommit (bsc#1131277).\n- btrfs: stop incremening log_batch for the log root tree when syncing log (bsc#1177687).\n- btrfs: take overcommit into account in inc_block_group_ro (bsc#1176560).\n- btrfs: tree-checker: fix false alert caused by legacy btrfs root item (bsc#1177861).\n- can: c_can: reg_map_{c,d}_can: mark as __maybe_unused (git-fixes).\n- can: flexcan: flexcan_chip_stop(): add error handling and propagate error value (git-fixes).\n- can: softing: softing_card_shutdown(): add braces around empty body in an 'if' statement (git-fixes).\n- ceph: fix memory leak in ceph_cleanup_snapid_map() (bsc#1178234).\n- ceph: map snapid to anonymous bdev ID (bsc#1178234).\n- ceph: promote to unsigned long long before shifting (bsc#1178187).\n- clk: at91: remove the checking of parent_name (git-fixes).\n- clk: bcm2835: add missing release if devm_clk_hw_register fails (git-fixes).\n- clk: imx8mq: Fix usdhc parents order (git-fixes).\n- coredump: fix crash when umh is disabled (bsc#1177753).\n- crypto: algif_skcipher - EBUSY on aio should be an error (git-fixes).\n- crypto: ccp - fix error handling (git-fixes).\n- crypto: dh - check validity of Z before export (bsc#1175716).\n- crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175716).\n- crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175716).\n- crypto: ecdh - check validity of Z before export (bsc#1175716).\n- crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call (git-fixes).\n- crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() (git-fixes).\n- crypto: omap-sham - fix digcnt register handling with export/import (git-fixes).\n- cxl: Rework error message for incompatible slots (bsc#1055014 git-fixes).\n- cypto: mediatek - fix leaks in mtk_desc_ring_alloc (git-fixes).\n- device property: Do not clear secondary pointer for shared primary firmware node (git-fixes).\n- device property: Keep secondary firmware node secondary by type (git-fixes).\n- Disable CONFIG_LIVEPATCH_IPA_CLONES where not needed Explicitly disable CONFIG_LIVEPATCH_IPA_CLONES in configs where it is not needed to avoid confusion and unwanted values due to fragment config files.\n- Disable ipa-clones dump for KMP builds (bsc#1178330) The feature is not really useful for KMP, and rather confusing, so let's disable it at building out-of-tree codes\n- dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (git-fixes).\n- drivers: net: add missing interrupt.h include (git-fixes).\n- drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (git-fixes).\n- drm/amdgpu: prevent double kfree ttm->sg (git-fixes).\n- drm/gma500: fix error check (git-fixes).\n- drm/msm: Drop debug print in _dpu_crtc_setup_lm_bounds() (git-fixes).\n- drm/nouveau/mem: guard against NULL pointer access in mem_del (git-fixes).\n- drm/sun4i: mixer: Extend regmap max_register (git-fixes).\n- ea43d9709f72 ('nvme: fix identify error status silent ignore')\n- EDAC/i5100: Fix error handling order in i5100_init_one() (bsc#1112178).\n- eeprom: at25: set minimum read/write access stride to 1 (git-fixes).\n- ext4: fix dir_nlink behaviour (bsc#1177359).\n- gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY (networking-stable-20_08_24).\n- gtp: add GTPA_LINK info to msg sent to userspace (networking-stable-20_09_11).\n- HID: roccat: add bounds checking in kone_sysfs_write_settings() (git-fixes).\n- HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery (git-fixes).\n- i2c: imx: Fix external abort on interrupt in exit paths (git-fixes).\n- i2c: meson: fix clock setting overwrite (git-fixes).\n- ibmveth: Identify ingress large send packets (bsc#1178185 ltc#188897).\n- ibmveth: Switch order of ibmveth_helper calls (bsc#1061843 git-fixes).\n- ibmvnic: fix ibmvnic_set_mac (bsc#1066382 ltc#160943 git-fixes).\n- ibmvnic: save changed mac address to adapter->mac_addr (bsc#1134760 ltc#177449 git-fixes).\n- icmp: randomize the global rate limiter (git-fixes).\n- iio:accel:bma180: Fix use of true when should be iio_shared_by enum (git-fixes).\n- iio:adc:max1118 Fix alignment of timestamp and data leak issues (git-fixes).\n- iio:adc:ti-adc0832 Fix alignment issue with timestamp (git-fixes).\n- iio:adc:ti-adc12138 Fix alignment issue with timestamp (git-fixes).\n- iio:dac:ad5592r: Fix use of true for IIO_SHARED_BY_TYPE (git-fixes).\n- iio:gyro:itg3200: Fix timestamp alignment and prevent data leak (git-fixes).\n- iio:light:si1145: Fix timestamp alignment and prevent data leak (git-fixes).\n- iio:magn:hmc5843: Fix passing true where iio_shared_by enum required (git-fixes).\n- ima: Remove semicolon at the end of ima_get_binary_runtime_size() (git-fixes).\n- include/linux/swapops.h: correct guards for non_swap_entry() (git-fixes (mm/swap)).\n- Input: ep93xx_keypad - fix handling of platform_get_irq() error (git-fixes).\n- Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (git-fixes).\n- Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() (git-fixes).\n- Input: omap4-keypad - fix handling of platform_get_irq() error (git-fixes).\n- Input: sun4i-ps2 - fix handling of platform_get_irq() error (git-fixes).\n- Input: twl4030_keypad - fix handling of platform_get_irq() error (git-fixes).\n- iomap: Make sure iomap_end is called after iomap_begin (bsc#1177754).\n- iommu/vt-d: Correctly calculate agaw in domain_init() (bsc#1176400).\n- ip: fix tos reflection in ack and reset packets (networking-stable-20_09_24).\n- iwlwifi: mvm: split a print to avoid a WARNING in ROC (git-fixes).\n- kbuild: enforce -Werror=return-type (bsc#1177281).\n- leds: mt6323: move period calculation (git-fixes).\n- libceph: clear con->out_msg on Policy::stateful_server faults (bsc#1178188).\n- lib/crc32.c: fix trivial typo in preprocessor condition (git-fixes).\n- lib/mpi: Add mpi_sub_ui() (bsc#1175716).\n- mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes).\n- mac80211: handle lack of sband->bitrates in rates (git-fixes).\n- macsec: avoid use-after-free in macsec_handle_frame() (git-fixes).\n- mailbox: avoid timer start from callback (git-fixes).\n- media: ati_remote: sanity check for both endpoints (git-fixes).\n- media: bdisp: Fix runtime PM imbalance on error (git-fixes).\n- media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync (git-fixes).\n- media: exynos4-is: Fix a reference count leak (git-fixes).\n- media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync (git-fixes).\n- media: firewire: fix memory leak (git-fixes).\n- media: m5mols: Check function pointer in m5mols_sensor_power (git-fixes).\n- media: media/pci: prevent memory leak in bttv_probe (git-fixes).\n- media: omap3isp: Fix memleak in isp_probe (git-fixes).\n- media: platform: fcp: Fix a reference count leak (git-fixes).\n- media: platform: s3c-camif: Fix runtime PM imbalance on error (git-fixes).\n- media: platform: sti: hva: Fix runtime PM imbalance on error (git-fixes).\n- media: Revert 'media: exynos4-is: Add missed check for pinctrl_lookup_state()' (git-fixes).\n- media: s5p-mfc: Fix a reference count leak (git-fixes).\n- media: saa7134: avoid a shift overflow (git-fixes).\n- media: st-delta: Fix reference count leak in delta_run_work (git-fixes).\n- media: sti: Fix reference count leaks (git-fixes).\n- media: tc358743: initialize variable (git-fixes).\n- media: ti-vpe: Fix a missing check and reference count leak (git-fixes).\n- media: tuner-simple: fix regression in simple_set_radio_freq (git-fixes).\n- media: usbtv: Fix refcounting mixup (git-fixes).\n- media: uvcvideo: Ensure all probed info is returned to v4l2 (git-fixes).\n- media: vsp1: Fix runtime PM imbalance on error (git-fixes).\n- memory: fsl-corenet-cf: Fix handling of platform_get_irq() error (git-fixes).\n- memory: omap-gpmc: Fix a couple off by ones (git-fixes).\n- mfd: sm501: Fix leaks in probe() (git-fixes).\n- mic: vop: copy data to kernel space then write to io memory (git-fixes).\n- misc: mic: scif: Fix error handling path (git-fixes).\n- misc: rtsx: Fix memory leak in rtsx_pci_probe (git-fixes).\n- misc: vop: add round_up(x,4) for vring_size to avoid kernel panic (git-fixes).\n- mlx5 PPC ringsize workaround (bsc#1173432).\n- mlx5: remove support for ib_get_vector_affinity (bsc#1174748). \n- mmc: core: do not set limits.discard_granularity as 0 (git-fixes).\n- mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).\n- mmc: sdio: Check for CISTPL_VERS_1 buffer size (git-fixes).\n- mm/huge_memory.c: use head to check huge zero page (git-fixes (mm/thp)).\n- mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() (git-fixes (mm/hugetlb)).\n- mm/ksm.c: do not WARN if page is still mapped in remove_stable_node() (git-fixes (mm/hugetlb)).\n- mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() (bsc#1177685).\n- mm/mempolicy.c: fix out of bounds write in mpol_parse_str() (git-fixes (mm/mempolicy)).\n- mm/mempolicy.c: use match_string() helper to simplify the code (git-fixes (mm/mempolicy)).\n- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (git-fixes (mm/numa)).\n- mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages (git-fixes (mm/debug)).\n- mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() (git-fixes (mm/writeback)).\n- mm/page-writeback.c: improve arithmetic divisions (git-fixes (mm/writeback)).\n- mm/page-writeback.c: use div64_ul() for u64-by-unsigned-long divide (git-fixes (mm/writeback)).\n- mm/rmap: fixup copying of soft dirty and uffd ptes (git-fixes (mm/rmap)).\n- mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (git-fixes (mm/zsmalloc)).\n- mm/zsmalloc.c: fix race condition in zs_destroy_pool (git-fixes (mm/zsmalloc)).\n- mm/zsmalloc.c: fix the migrated zspage statistics (git-fixes (mm/zsmalloc)).\n- mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely (git-fixes (mm/zsmalloc)).\n- Move the upstreamed bluetooth fix into sorted section\n- mtd: lpddr: fix excessive stack usage with clang (git-fixes).\n- mtd: mtdoops: Do not write panic data twice (git-fixes).\n- mwifiex: do not call del_timer_sync() on uninitialized timer (git-fixes).\n- mwifiex: Do not use GFP_KERNEL in atomic context (git-fixes).\n- mwifiex: fix double free (git-fixes).\n- mwifiex: remove function pointer check (git-fixes).\n- mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO (git-fixes).\n- net: 8390: Fix manufacturer name in Kconfig help text (git-fixes).\n- net: amd: fix return type of ndo_start_xmit function (git-fixes).\n- net/amd: Remove useless driver version (git-fixes).\n- net: amd-xgbe: fix comparison to bitshift when dealing with a mask (git-fixes).\n- net: amd-xgbe: Get rid of custom hex_dump_to_buffer() (git-fixes).\n- net: apple: Fix manufacturer name in Kconfig help text (git-fixes).\n- net: broadcom: Fix manufacturer name in Kconfig help text (git-fixes).\n- net: disable netpoll on fresh napis (networking-stable-20_09_11).\n- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).\n- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).\n- net: Fix potential wrong skb->protocol in skb_vlan_untag() (networking-stable-20_08_24).\n- net: hns: Fix memleak in hns_nic_dev_probe (networking-stable-20_09_11).\n- net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC (networking-stable-20_09_24).\n- netlabel: fix problems with mapping removal (networking-stable-20_09_11).\n- net/mlx5e: Take common TIR context settings into a function (bsc#1177740).\n- net/mlx5e: Turn on HW tunnel offload in all TIRs (bsc#1177740).\n- net: mvmdio: defer probe of orion-mdio if a clock is not ready (git-fixes).\n- net: phy: Avoid NPD upon phy_detach() when driver is unbound (networking-stable-20_09_24).\n- net: qrtr: fix usage of idr in port assignment to socket (networking-stable-20_08_24).\n- net: systemport: Fix memleak in bcm_sysport_probe (networking-stable-20_09_11).\n- net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx (git-fixes).\n- net: usb: dm9601: Add USB ID of Keenetic Plus DSL (networking-stable-20_09_11).\n- net: usb: qmi_wwan: add Cellient MPL200 card (git-fixes).\n- net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (git-fixes).\n- net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (git-fixes).\n- nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() (git-fixes).\n- NFS: On fatal writeback errors, we need to call nfs_inode_remove_request() (bsc#1177340).\n- NFS: Revalidate the file mapping on all fatal writeback errors (bsc#1177340).\n- NFSv4.1 - backchannel request should hold ref on xprt (bsc#1152624).\n- nl80211: fix non-split wiphy information (git-fixes).\n- NTB: hw: amd: fix an issue about leak system resources (git-fixes).\n- nvme: add a Identify Namespace Identification Descriptor list quirk (bsc#1174748). add two previous futile attempts to fix the bug to blacklist.conf\n- nvme: do not update disk info for multipathed device (bsc#1171558). \n- nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1174748).\n- nvme: fix deadlock caused by ANA update wrong locking (bsc#1174748).\n- nvme: fix possible io failures when removing multipathed ns (bsc#1174748).\n- nvme: make nvme_identify_ns propagate errors back (bsc#1174748).\n- nvme: make nvme_report_ns_ids propagate error back (bsc#1174748).\n- nvme-multipath: do not reset on unknown status (bsc#1174748).\n- nvme: Namepace identification descriptor list is optional (bsc#1174748).\n- nvme: pass status to nvme_error_status (bsc#1174748).\n- nvme-rdma: Avoid double freeing of async event data (bsc#1174748).\n- nvme-rdma: fix crash due to incorrect cqe (bsc#1174748).\n- nvme-rdma: fix crash when connect rejected (bsc#1174748).\n- nvme: return error from nvme_alloc_ns() (bsc#1174748).\n- perf/x86/amd: Fix sampling Large Increment per Cycle events (bsc#1114648).\n- perf/x86: Fix n_pair for cancelled txn (bsc#1114648).\n- platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes).\n- platform/x86: mlx-platform: Remove PSU EEPROM configuration (git-fixes).\n- platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes).\n- platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes).\n- powerpc/dma: Fix dma_map_ops::get_required_mask (bsc#1065729).\n- powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation (bsc#1065729).\n- powerpc/hwirq: Remove stale forward irq_chip declaration (bsc#1065729).\n- powerpc/icp-hv: Fix missing of_node_put() in success path (bsc#1065729).\n- powerpc/irq: Drop forward declaration of struct irqaction (bsc#1065729).\n- powerpc/perf/hv-gpci: Fix starting index value (bsc#1065729).\n- powerpc/powernv/dump: Fix race while processing OPAL dump (bsc#1065729).\n- powerpc/powernv/elog: Fix race while processing OPAL error log event (bsc#1065729).\n- powerpc/pseries: explicitly reschedule during drmem_lmb list traversal (bsc#1077428 ltc#163882 git-fixes).\n- powerpc/pseries: Fix missing of_node_put() in rng_init() (bsc#1065729).\n- pty: do tty_flip_buffer_push without port->lock in pty_write (git-fixes).\n- pwm: lpss: Add range limit check for the base_unit register value (git-fixes).\n- pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() (git-fixes).\n- ring-buffer: Return 0 on success from ring_buffer_resize() (git-fixes).\n- rpm/kernel-module-subpackage: make Group tag optional (bsc#1163592)\n- rtl8xxxu: prevent potential memory leak (git-fixes).\n- scsi: fnic: Do not call 'scsi_done()' for unhandled commands (bsc#1168468, bsc#1171675).\n- scsi: hisi_sas: Add debugfs ITCT file and add file operations (bsc#1140683).\n- scsi: hisi_sas: Add manual trigger for debugfs dump (bsc#1140683).\n- scsi: hisi_sas: Add missing seq_printf() call in hisi_sas_show_row_32() (bsc#1140683).\n- scsi: hisi_sas: Change return variable type in phy_up_v3_hw() (bsc#1140683).\n- scsi: hisi_sas: Correct memory allocation size for DQ debugfs (bsc#1140683).\n- scsi: hisi_sas: Do some more tidy-up (bsc#1140683).\n- scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO (bsc#1140683).\n- scsi: hisi_sas: Fix type casting and missing static qualifier in debugfs code (bsc#1140683). Refresh:\n- scsi: hisi_sas: No need to check return value of debugfs_create functions (bsc#1140683). Update:\n- scsi: hisi_sas: Some misc tidy-up (bsc#1140683).\n- scsi: ibmvfc: Fix error return in ibmvfc_probe() (bsc#1065729).\n- scsi: ibmvscsi: Fix potential race after loss of transport (bsc#1178166 ltc#188226).\n- scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258).\n- scsi: qla2xxx: Add IOCB resource tracking (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Add rport fields in debugfs (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Add SLER and PI control support (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Correct the check for sscanf() return value (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Fix buffer-buffer credit extraction error (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Fix crash on session cleanup with unload (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Fix I/O errors during LIP reset tests (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Fix memory size truncation (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Fix MPI reset needed message (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Fix reset of MPI firmware (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Make tgt_port_database available in initiator mode (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Performance tweak (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Reduce duplicate code in reporting speed (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Remove unneeded variable 'rval' (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Setup debugfs entries for remote ports (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Update version to 10.02.00.102-k (bsc#1176946 bsc#1175520 bsc#1172538).\n- scsi: qla2xxx: Update version to 10.02.00.103-k (bsc#1176946 bsc#1175520 bsc#1172538).\n- sctp: not disable bh in the whole sctp_get_port_local() (networking-stable-20_09_11).\n- spi: fsl-espi: Only process interrupts for expected events (git-fixes).\n- target-rbd-fix-unmap-discard-block-size-conversion.patch: (bsc#1177271).\n- target-use-scsi_set_sense_information-helper-on-misc.patch: (bsc#1177719).\n- tg3: Fix soft lockup when tg3_reset_task() fails (networking-stable-20_09_11).\n- tipc: fix memory leak caused by tipc_buf_append() (git-fixes).\n- tipc: fix shutdown() of connectionless socket (networking-stable-20_09_11).\n- tipc: fix shutdown() of connection oriented socket (networking-stable-20_09_24).\n- tipc: fix the skb_unshare() in tipc_buf_append() (git-fixes).\n- tipc: fix uninit skb->data in tipc_nl_compat_dumpit() (networking-stable-20_08_24).\n- tipc: use skb_unshare() instead in tipc_buf_append() (networking-stable-20_09_24).\n- tty: ipwireless: fix error handling (git-fixes).\n- tty: serial: earlycon dependency (git-fixes).\n- tty: serial: fsl_lpuart: fix lpuart32_poll_get_char (git-fixes).\n- USB: cdc-acm: add quirk to blacklist ETAS ES58X devices (git-fixes).\n- USB: cdc-acm: handle broken union descriptors (git-fixes).\n- USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync() (git-fixes).\n- USB: core: Solve race condition in anchor cleanup functions (git-fixes).\n- USB: dwc2: Fix INTR OUT transfers in DDMA mode (git-fixes).\n- USB: dwc2: Fix parameter type in function pointer prototype (git-fixes).\n- USB: dwc3: core: add phy cleanup for probe error handling (git-fixes).\n- USB: dwc3: core: do not trigger runtime pm when remove driver (git-fixes).\n- USB: dwc3: ep0: Fix ZLP for OUT ep0 requests (git-fixes).\n- USB: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets (git-fixes).\n- USB: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above (git-fixes).\n- USB: gadget: function: printer: fix use-after-free in __lock_acquire (git-fixes).\n- USB: gadget: u_ether: enable qmult on SuperSpeed Plus as well (git-fixes).\n- USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).\n- USB: ohci: Default to per-port over-current protection (git-fixes).\n- USB: serial: qcserial: fix altsetting probing (git-fixes).\n- vfs: fix FIGETBSZ ioctl on an overlayfs file (bsc#1178202).\n- video: fbdev: sis: fix null ptr dereference (git-fixes).\n- video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error (git-fixes).\n- VMCI: check return value of get_user_pages_fast() for errors (git-fixes).\n- vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).\n- w1: mxc_w1: Fix timeout resolution problem leading to bus error (git-fixes).\n- watchdog: iTCO_wdt: Export vendorsupport (bsc#1177101).\n- watchdog: iTCO_wdt: Make ICH_RES_IO_SMI optional (bsc#1177101).\n- wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 (git-fixes).\n- writeback: Avoid skipping inode writeback (bsc#1177755).\n- writeback: Fix sync livelock due to b_dirty_time processing (bsc#1177755).\n- writeback: Protect inode->i_io_list with inode->i_lock (bsc#1177755).\n- x86/apic: Unify duplicated local apic timer clockevent initialization (bsc#1112178).\n- x86, fakenuma: Fix invalid starting node ID (git-fixes (mm/x86/fakenuma)).\n- x86/fpu: Allow multiple bits in clearcpuid= parameter (bsc#1112178).\n- x86/xen: disable Firmware First mode for correctable memory errors (bsc#1176713).\n- xen/blkback: use lateeoi irq binding (XSA-332 bsc#1177411).\n- xen/events: add a new 'late EOI' evtchn framework (XSA-332 bsc#1177411).\n- xen/events: add a proper barrier to 2-level uevent unmasking (XSA-332 bsc#1177411).\n- xen/events: avoid removing an event channel while handling it (XSA-331 bsc#1177410).\n- xen/events: block rogue events for some time (XSA-332 bsc#1177411).\n- xen/events: defer eoi in case of excessive number of events (XSA-332 bsc#1177411).\n- xen/events: do not use chip_data for legacy IRQs (XSA-332 bsc#1065600).\n- xen/events: fix race in evtchn_fifo_unmask() (XSA-332 bsc#1177411).\n- xen/events: switch user event channels to lateeoi model (XSA-332 bsc#1177411).\n- xen/events: use a common cpu hotplug hook for event channels (XSA-332 bsc#1177411).\n- xen/gntdev.c: Mark pages as dirty (bsc#1065600).\n- xen/netback: use lateeoi irq binding (XSA-332 bsc#1177411).\n- xen/pciback: use lateeoi irq binding (XSA-332 bsc#1177411).\n- xen/scsiback: use lateeoi irq binding (XSA-332 bsc#1177411).\n- xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information (XSA-332 bsc#1065600).\n- xfs: avoid infinite loop when cancelling CoW blocks after writeback failure (bsc#1178027).\n- xfs: limit entries returned when counting fsmap records (git-fixes).\n- xgbe: no need to check return value of debugfs_create functions (git-fixes).\n- xgbe: switch to more generic VxLAN detection (git-fixes).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-3281,SUSE-SLE-SERVER-12-SP5-2020-3281", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3281-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:3281-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20203281-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:3281-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007756.html", }, { category: "self", summary: "SUSE Bug 1055014", url: "https://bugzilla.suse.com/1055014", }, { category: "self", summary: "SUSE Bug 1061843", url: "https://bugzilla.suse.com/1061843", }, { category: "self", summary: "SUSE Bug 1065600", url: "https://bugzilla.suse.com/1065600", }, { category: "self", summary: "SUSE Bug 1065729", url: "https://bugzilla.suse.com/1065729", }, { category: "self", summary: "SUSE Bug 1066382", url: "https://bugzilla.suse.com/1066382", }, { category: "self", summary: "SUSE Bug 1077428", url: "https://bugzilla.suse.com/1077428", }, { category: "self", summary: "SUSE Bug 1112178", url: "https://bugzilla.suse.com/1112178", }, { category: "self", summary: "SUSE Bug 1114648", url: "https://bugzilla.suse.com/1114648", }, { category: "self", summary: "SUSE Bug 1131277", url: "https://bugzilla.suse.com/1131277", }, { category: "self", summary: "SUSE Bug 1134760", url: "https://bugzilla.suse.com/1134760", }, { category: "self", summary: "SUSE Bug 1140683", url: "https://bugzilla.suse.com/1140683", }, { category: "self", summary: "SUSE Bug 1152624", url: "https://bugzilla.suse.com/1152624", }, { category: "self", summary: "SUSE Bug 1157424", url: "https://bugzilla.suse.com/1157424", }, { category: "self", summary: "SUSE Bug 1163592", url: "https://bugzilla.suse.com/1163592", }, { category: "self", summary: "SUSE Bug 1168468", url: "https://bugzilla.suse.com/1168468", }, { category: "self", summary: "SUSE Bug 1171558", url: "https://bugzilla.suse.com/1171558", }, { category: "self", summary: "SUSE Bug 1171675", url: "https://bugzilla.suse.com/1171675", }, { category: "self", summary: "SUSE Bug 1172538", url: "https://bugzilla.suse.com/1172538", }, { category: "self", summary: "SUSE Bug 1172757", url: "https://bugzilla.suse.com/1172757", }, { category: "self", summary: "SUSE Bug 1173432", url: "https://bugzilla.suse.com/1173432", }, { category: "self", summary: "SUSE Bug 1174748", url: "https://bugzilla.suse.com/1174748", }, { category: "self", summary: "SUSE Bug 1175520", url: "https://bugzilla.suse.com/1175520", }, { category: "self", summary: "SUSE Bug 1175716", url: "https://bugzilla.suse.com/1175716", }, { category: "self", summary: "SUSE Bug 1175721", url: "https://bugzilla.suse.com/1175721", }, { category: "self", summary: "SUSE Bug 1176354", url: "https://bugzilla.suse.com/1176354", }, { category: "self", summary: "SUSE Bug 1176381", url: "https://bugzilla.suse.com/1176381", }, { category: "self", summary: "SUSE Bug 1176395", url: "https://bugzilla.suse.com/1176395", }, { category: "self", summary: "SUSE Bug 1176400", url: "https://bugzilla.suse.com/1176400", }, { category: "self", summary: "SUSE Bug 1176410", url: "https://bugzilla.suse.com/1176410", }, { category: "self", summary: "SUSE Bug 1176485", url: "https://bugzilla.suse.com/1176485", }, { category: "self", summary: "SUSE Bug 1176560", url: "https://bugzilla.suse.com/1176560", }, { category: "self", summary: "SUSE Bug 1176713", url: "https://bugzilla.suse.com/1176713", }, { category: "self", summary: "SUSE Bug 1176723", url: "https://bugzilla.suse.com/1176723", }, { category: "self", summary: "SUSE Bug 1176946", url: "https://bugzilla.suse.com/1176946", }, { category: "self", summary: "SUSE Bug 1177027", url: "https://bugzilla.suse.com/1177027", }, { category: "self", summary: "SUSE Bug 1177086", url: "https://bugzilla.suse.com/1177086", }, { category: "self", summary: "SUSE Bug 1177101", url: "https://bugzilla.suse.com/1177101", }, { category: "self", summary: "SUSE Bug 1177258", url: "https://bugzilla.suse.com/1177258", }, { category: "self", summary: "SUSE Bug 1177271", url: "https://bugzilla.suse.com/1177271", }, { category: "self", summary: "SUSE Bug 1177281", url: "https://bugzilla.suse.com/1177281", }, { category: "self", summary: "SUSE Bug 1177340", url: "https://bugzilla.suse.com/1177340", }, { category: "self", summary: "SUSE Bug 1177359", url: "https://bugzilla.suse.com/1177359", }, { category: "self", summary: "SUSE Bug 1177410", url: "https://bugzilla.suse.com/1177410", }, { category: "self", summary: "SUSE Bug 1177411", url: "https://bugzilla.suse.com/1177411", }, { category: "self", summary: "SUSE Bug 1177470", url: "https://bugzilla.suse.com/1177470", }, { category: "self", summary: "SUSE Bug 1177511", url: "https://bugzilla.suse.com/1177511", }, { category: "self", summary: "SUSE Bug 1177685", url: "https://bugzilla.suse.com/1177685", }, { category: "self", summary: "SUSE Bug 1177687", url: "https://bugzilla.suse.com/1177687", }, { category: "self", summary: "SUSE Bug 1177719", url: "https://bugzilla.suse.com/1177719", }, { category: "self", summary: "SUSE Bug 1177724", url: "https://bugzilla.suse.com/1177724", }, { category: "self", summary: "SUSE Bug 1177725", url: "https://bugzilla.suse.com/1177725", }, { category: "self", summary: "SUSE Bug 1177740", url: "https://bugzilla.suse.com/1177740", }, { category: "self", summary: "SUSE Bug 1177749", url: "https://bugzilla.suse.com/1177749", }, { category: "self", summary: "SUSE Bug 1177750", url: "https://bugzilla.suse.com/1177750", }, { category: "self", summary: "SUSE Bug 1177753", url: "https://bugzilla.suse.com/1177753", }, { category: "self", summary: "SUSE Bug 1177754", url: "https://bugzilla.suse.com/1177754", }, { category: "self", summary: "SUSE Bug 1177755", url: "https://bugzilla.suse.com/1177755", }, { category: "self", summary: "SUSE Bug 1177766", url: "https://bugzilla.suse.com/1177766", }, { category: "self", summary: "SUSE Bug 1177855", url: "https://bugzilla.suse.com/1177855", }, { category: "self", summary: "SUSE Bug 1177856", url: "https://bugzilla.suse.com/1177856", }, { category: "self", summary: "SUSE Bug 1177861", url: "https://bugzilla.suse.com/1177861", }, { category: "self", summary: "SUSE Bug 1178027", url: "https://bugzilla.suse.com/1178027", }, { category: "self", summary: "SUSE Bug 1178166", url: "https://bugzilla.suse.com/1178166", }, { category: "self", summary: "SUSE Bug 1178185", url: "https://bugzilla.suse.com/1178185", }, { category: "self", summary: "SUSE Bug 1178187", url: "https://bugzilla.suse.com/1178187", }, { category: "self", summary: "SUSE Bug 1178188", url: "https://bugzilla.suse.com/1178188", }, { category: "self", summary: "SUSE Bug 1178202", url: "https://bugzilla.suse.com/1178202", }, { category: "self", summary: "SUSE Bug 1178234", url: "https://bugzilla.suse.com/1178234", }, { category: "self", summary: "SUSE Bug 1178330", url: "https://bugzilla.suse.com/1178330", }, { category: "self", summary: "SUSE Bug 936888", url: "https://bugzilla.suse.com/936888", }, { category: "self", summary: "SUSE CVE CVE-2020-0430 page", url: "https://www.suse.com/security/cve/CVE-2020-0430/", }, { category: "self", summary: "SUSE CVE CVE-2020-12351 page", url: "https://www.suse.com/security/cve/CVE-2020-12351/", }, { category: "self", summary: "SUSE CVE CVE-2020-12352 page", url: "https://www.suse.com/security/cve/CVE-2020-12352/", }, { category: "self", summary: "SUSE CVE CVE-2020-14351 page", url: "https://www.suse.com/security/cve/CVE-2020-14351/", }, { category: "self", summary: "SUSE CVE CVE-2020-16120 page", url: "https://www.suse.com/security/cve/CVE-2020-16120/", }, { category: "self", summary: "SUSE CVE CVE-2020-25212 page", url: "https://www.suse.com/security/cve/CVE-2020-25212/", }, { category: "self", summary: "SUSE CVE CVE-2020-25285 page", url: "https://www.suse.com/security/cve/CVE-2020-25285/", }, { category: "self", summary: "SUSE CVE CVE-2020-25645 page", url: "https://www.suse.com/security/cve/CVE-2020-25645/", }, { category: "self", summary: "SUSE CVE CVE-2020-25656 page", url: "https://www.suse.com/security/cve/CVE-2020-25656/", }, { category: "self", summary: "SUSE CVE CVE-2020-25705 page", url: "https://www.suse.com/security/cve/CVE-2020-25705/", }, { category: "self", summary: "SUSE CVE CVE-2020-27673 page", url: "https://www.suse.com/security/cve/CVE-2020-27673/", }, { category: "self", summary: "SUSE CVE CVE-2020-27675 page", url: "https://www.suse.com/security/cve/CVE-2020-27675/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2020-11-14T08:18:31Z", generator: { date: "2020-11-14T08:18:31Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:3281-1", initial_release_date: "2020-11-14T08:18:31Z", revision_history: [ { date: "2020-11-14T08:18:31Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-devel-azure-4.12.14-16.34.1.noarch", product: { name: "kernel-devel-azure-4.12.14-16.34.1.noarch", product_id: "kernel-devel-azure-4.12.14-16.34.1.noarch", }, }, { category: "product_version", name: "kernel-source-azure-4.12.14-16.34.1.noarch", product: { name: "kernel-source-azure-4.12.14-16.34.1.noarch", product_id: "kernel-source-azure-4.12.14-16.34.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "cluster-md-kmp-azure-4.12.14-16.34.1.x86_64", product: { name: "cluster-md-kmp-azure-4.12.14-16.34.1.x86_64", product_id: "cluster-md-kmp-azure-4.12.14-16.34.1.x86_64", }, }, { category: "product_version", name: "dlm-kmp-azure-4.12.14-16.34.1.x86_64", product: { name: "dlm-kmp-azure-4.12.14-16.34.1.x86_64", product_id: "dlm-kmp-azure-4.12.14-16.34.1.x86_64", }, }, { category: "product_version", name: "gfs2-kmp-azure-4.12.14-16.34.1.x86_64", product: { name: "gfs2-kmp-azure-4.12.14-16.34.1.x86_64", product_id: "gfs2-kmp-azure-4.12.14-16.34.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-4.12.14-16.34.1.x86_64", product: { name: "kernel-azure-4.12.14-16.34.1.x86_64", product_id: "kernel-azure-4.12.14-16.34.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-base-4.12.14-16.34.1.x86_64", product: { name: "kernel-azure-base-4.12.14-16.34.1.x86_64", product_id: "kernel-azure-base-4.12.14-16.34.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-devel-4.12.14-16.34.1.x86_64", product: { name: "kernel-azure-devel-4.12.14-16.34.1.x86_64", product_id: "kernel-azure-devel-4.12.14-16.34.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-extra-4.12.14-16.34.1.x86_64", product: { name: "kernel-azure-extra-4.12.14-16.34.1.x86_64", product_id: "kernel-azure-extra-4.12.14-16.34.1.x86_64", }, }, { category: "product_version", name: "kernel-azure-kgraft-devel-4.12.14-16.34.1.x86_64", product: { name: "kernel-azure-kgraft-devel-4.12.14-16.34.1.x86_64", product_id: "kernel-azure-kgraft-devel-4.12.14-16.34.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-azure-4.12.14-16.34.1.x86_64", product: { name: "kernel-syms-azure-4.12.14-16.34.1.x86_64", product_id: "kernel-syms-azure-4.12.14-16.34.1.x86_64", }, }, { category: "product_version", name: "kselftests-kmp-azure-4.12.14-16.34.1.x86_64", product: { name: "kselftests-kmp-azure-4.12.14-16.34.1.x86_64", product_id: "kselftests-kmp-azure-4.12.14-16.34.1.x86_64", }, }, { category: "product_version", name: "ocfs2-kmp-azure-4.12.14-16.34.1.x86_64", product: { name: "ocfs2-kmp-azure-4.12.14-16.34.1.x86_64", product_id: "ocfs2-kmp-azure-4.12.14-16.34.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-azure-4.12.14-16.34.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", }, product_reference: "kernel-azure-4.12.14-16.34.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-base-4.12.14-16.34.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", }, product_reference: "kernel-azure-base-4.12.14-16.34.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-devel-4.12.14-16.34.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", }, product_reference: "kernel-azure-devel-4.12.14-16.34.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-azure-4.12.14-16.34.1.noarch as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", }, product_reference: "kernel-devel-azure-4.12.14-16.34.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-source-azure-4.12.14-16.34.1.noarch as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", }, product_reference: "kernel-source-azure-4.12.14-16.34.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-azure-4.12.14-16.34.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", }, product_reference: "kernel-syms-azure-4.12.14-16.34.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-4.12.14-16.34.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", }, product_reference: "kernel-azure-4.12.14-16.34.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-base-4.12.14-16.34.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", }, product_reference: "kernel-azure-base-4.12.14-16.34.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-azure-devel-4.12.14-16.34.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", }, product_reference: "kernel-azure-devel-4.12.14-16.34.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-azure-4.12.14-16.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", }, product_reference: "kernel-devel-azure-4.12.14-16.34.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-source-azure-4.12.14-16.34.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", }, product_reference: "kernel-source-azure-4.12.14-16.34.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-azure-4.12.14-16.34.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", }, product_reference: "kernel-syms-azure-4.12.14-16.34.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2020-0430", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-0430", }, ], notes: [ { category: "general", text: "In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153881554", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-0430", url: "https://www.suse.com/security/cve/CVE-2020-0430", }, { category: "external", summary: "SUSE Bug 1176723 for CVE-2020-0430", url: "https://bugzilla.suse.com/1176723", }, { category: "external", summary: "SUSE Bug 1178003 for CVE-2020-0430", url: "https://bugzilla.suse.com/1178003", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "important", }, ], title: "CVE-2020-0430", }, { cve: "CVE-2020-12351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-12351", }, ], notes: [ { category: "general", text: "Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-12351", url: "https://www.suse.com/security/cve/CVE-2020-12351", }, { category: "external", summary: "SUSE Bug 1177724 for CVE-2020-12351", url: "https://bugzilla.suse.com/1177724", }, { category: "external", summary: "SUSE Bug 1177729 for CVE-2020-12351", url: "https://bugzilla.suse.com/1177729", }, { category: "external", summary: "SUSE Bug 1178397 for CVE-2020-12351", url: "https://bugzilla.suse.com/1178397", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "important", }, ], title: "CVE-2020-12351", }, { cve: "CVE-2020-12352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-12352", }, ], notes: [ { category: "general", text: "Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-12352", url: "https://www.suse.com/security/cve/CVE-2020-12352", }, { category: "external", summary: "SUSE Bug 1177725 for CVE-2020-12352", url: "https://bugzilla.suse.com/1177725", }, { category: "external", summary: "SUSE Bug 1178398 for CVE-2020-12352", url: "https://bugzilla.suse.com/1178398", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "moderate", }, ], title: "CVE-2020-12352", }, { cve: "CVE-2020-14351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14351", }, ], notes: [ { category: "general", text: "A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14351", url: "https://www.suse.com/security/cve/CVE-2020-14351", }, { category: "external", summary: "SUSE Bug 1177086 for CVE-2020-14351", url: "https://bugzilla.suse.com/1177086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "moderate", }, ], title: "CVE-2020-14351", }, { cve: "CVE-2020-16120", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-16120", }, ], notes: [ { category: "general", text: "Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (\"ovl: stack file ops\"). This was fixed in kernel version 5.8 by commits 56230d9 (\"ovl: verify permissions in ovl_path_open()\"), 48bd024 (\"ovl: switch to mounter creds in readdir\") and 05acefb (\"ovl: check permission to open real file\"). Additionally, commits 130fdbc (\"ovl: pass correct flags for opening real directory\") and 292f902 (\"ovl: call secutiry hook in ovl_real_ioctl()\") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (\"ovl: do not fail because of O_NOATIMEi\") in kernel 5.11.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-16120", url: "https://www.suse.com/security/cve/CVE-2020-16120", }, { category: "external", summary: "SUSE Bug 1177470 for CVE-2020-16120", url: "https://bugzilla.suse.com/1177470", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "moderate", }, ], title: "CVE-2020-16120", }, { cve: "CVE-2020-25212", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25212", }, ], notes: [ { category: "general", text: "A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25212", url: "https://www.suse.com/security/cve/CVE-2020-25212", }, { category: "external", summary: "SUSE Bug 1176381 for CVE-2020-25212", url: "https://bugzilla.suse.com/1176381", }, { category: "external", summary: "SUSE Bug 1176382 for CVE-2020-25212", url: "https://bugzilla.suse.com/1176382", }, { category: "external", summary: "SUSE Bug 1177027 for CVE-2020-25212", url: "https://bugzilla.suse.com/1177027", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "important", }, ], title: "CVE-2020-25212", }, { cve: "CVE-2020-25285", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25285", }, ], notes: [ { category: "general", text: "A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25285", url: "https://www.suse.com/security/cve/CVE-2020-25285", }, { category: "external", summary: "SUSE Bug 1176485 for CVE-2020-25285", url: "https://bugzilla.suse.com/1176485", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "moderate", }, ], title: "CVE-2020-25285", }, { cve: "CVE-2020-25645", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25645", }, ], notes: [ { category: "general", text: "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25645", url: "https://www.suse.com/security/cve/CVE-2020-25645", }, { category: "external", summary: "SUSE Bug 1177511 for CVE-2020-25645", url: "https://bugzilla.suse.com/1177511", }, { category: "external", summary: "SUSE Bug 1177513 for CVE-2020-25645", url: "https://bugzilla.suse.com/1177513", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "important", }, ], title: "CVE-2020-25645", }, { cve: "CVE-2020-25656", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25656", }, ], notes: [ { category: "general", text: "A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25656", url: "https://www.suse.com/security/cve/CVE-2020-25656", }, { category: "external", summary: "SUSE Bug 1177766 for CVE-2020-25656", url: "https://bugzilla.suse.com/1177766", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "moderate", }, ], title: "CVE-2020-25656", }, { cve: "CVE-2020-25705", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25705", }, ], notes: [ { category: "general", text: "A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-25705", url: "https://www.suse.com/security/cve/CVE-2020-25705", }, { category: "external", summary: "SUSE Bug 1175721 for CVE-2020-25705", url: "https://bugzilla.suse.com/1175721", }, { category: "external", summary: "SUSE Bug 1178782 for CVE-2020-25705", url: "https://bugzilla.suse.com/1178782", }, { category: "external", summary: "SUSE Bug 1178783 for CVE-2020-25705", url: "https://bugzilla.suse.com/1178783", }, { category: "external", summary: "SUSE Bug 1191790 for CVE-2020-25705", url: "https://bugzilla.suse.com/1191790", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "important", }, ], title: "CVE-2020-25705", }, { cve: "CVE-2020-27673", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-27673", }, ], notes: [ { category: "general", text: "An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-27673", url: "https://www.suse.com/security/cve/CVE-2020-27673", }, { category: "external", summary: "SUSE Bug 1177411 for CVE-2020-27673", url: "https://bugzilla.suse.com/1177411", }, { category: "external", summary: "SUSE Bug 1184583 for CVE-2020-27673", url: "https://bugzilla.suse.com/1184583", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "moderate", }, ], title: "CVE-2020-27673", }, { cve: "CVE-2020-27675", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-27675", }, ], notes: [ { category: "general", text: "An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-27675", url: "https://www.suse.com/security/cve/CVE-2020-27675", }, { category: "external", summary: "SUSE Bug 1177410 for CVE-2020-27675", url: "https://bugzilla.suse.com/1177410", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.34.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.34.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.34.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2020-11-14T08:18:31Z", details: "moderate", }, ], title: "CVE-2020-27675", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.