[SUSE-SU-2020:3178-1] Security update for the Linux Kernel (Live Patch 20 for SLE 15)
Severity
Important
CVEs
4
Security update for the Linux Kernel (Live Patch 20 for SLE 15)
This update for the Linux Kernel 4.12.14-150_58 fixes several issues.
The following security issues were fixed:
- CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011).
- CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bsc#1176722)
- CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381).
- CVE-2020-11668: Fixed an out of bounds write to the heap in drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) caused by mishandling invalid descriptors (bsc#1168952).
- ID
- SUSE-SU-2020:3178-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2020/suse-su-20203178-1/
- Published
-
2020-11-05T13:49:07
(3 years ago) - Modified
-
2020-11-05T13:49:07
(3 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2020-1437
- ALAS2-2020-1495
- ALSA-2020:4431
- ALSA-2021:1578
- ASB-A-175193031
- DSA-4698-1
- ELSA-2020-5437
- ELSA-2020-5691
- ELSA-2020-5708
- ELSA-2020-5715
- ELSA-2020-5866
- ELSA-2020-5884
- ELSA-2020-5885
- ELSA-2021-1578
- ELSA-2021-2725
- ELSA-2021-9006
- ELSA-2021-9007
- ELSA-2021-9079
- ELSA-2021-9085
- ELSA-2021-9086
- MS:CVE-2020-11668
- MS:CVE-2020-14381
- MS:CVE-2020-25212
- openSUSE-SU-2020:1586-1
- openSUSE-SU-2020:1655-1
- openSUSE-SU-2020:1682-1
- openSUSE-SU-2020:1698-1
- openSUSE-SU-2020:2112-1
- openSUSE-SU-2021:0060-1
- openSUSE-SU-2021:0075-1
- openSUSE-SU-2021:0242-1
- RHSA-2020:4431
- RHSA-2020:4609
- RHSA-2020:5437
- RHSA-2020:5441
- RHSA-2021:1578
- RHSA-2021:1739
- RHSA-2021:2725
- RHSA-2021:2726
- SSA:2020-163-01
- SSA:2020-295-01
- SUSE-SU-2020:2491-1
- SUSE-SU-2020:2492-1
- SUSE-SU-2020:2497-1
- SUSE-SU-2020:2498-1
- SUSE-SU-2020:2499-1
- SUSE-SU-2020:2502-1
- SUSE-SU-2020:2505-1
- SUSE-SU-2020:2506-1
- SUSE-SU-2020:2507-1
- SUSE-SU-2020:2513-1
- SUSE-SU-2020:2524-1
- SUSE-SU-2020:2525-1
- SUSE-SU-2020:2526-1
- SUSE-SU-2020:2531-1
- SUSE-SU-2020:2879-1
- SUSE-SU-2020:2904-1
- SUSE-SU-2020:2905-1
- SUSE-SU-2020:2906-1
- SUSE-SU-2020:2907-1
- SUSE-SU-2020:2908-1
- SUSE-SU-2020:2981-1
- SUSE-SU-2020:2999-1
- SUSE-SU-2020:3014-1
- SUSE-SU-2020:3180-1
- SUSE-SU-2020:3181-1
- SUSE-SU-2020:3186-1
- SUSE-SU-2020:3187-1
- SUSE-SU-2020:3188-1
- SUSE-SU-2020:3190-1
- SUSE-SU-2020:3204-1
- SUSE-SU-2020:3210-1
- SUSE-SU-2020:3219-1
- SUSE-SU-2020:3222-1
- SUSE-SU-2020:3225-1
- SUSE-SU-2020:3230-1
- SUSE-SU-2020:3281-1
- SUSE-SU-2020:3484-1
- SUSE-SU-2020:3491-1
- SUSE-SU-2020:3501-1
- SUSE-SU-2020:3503-1
- SUSE-SU-2020:3532-1
- SUSE-SU-2020:3544-1
- SUSE-SU-2020:3648-1
- SUSE-SU-2020:3656-1
- SUSE-SU-2020:3705-1
- SUSE-SU-2021:0096-1
- SUSE-SU-2021:0097-1
- SUSE-SU-2021:0108-1
- SUSE-SU-2021:0117-1
- SUSE-SU-2021:0437-1
- SUSE-SU-2021:0438-1
- SUSE-SU-2021:0452-1
- USN-4345-1
- USN-4364-1
- USN-4368-1
- USN-4369-1
- USN-4525-1
- USN-4527-1
- USN-4578-1
- USN-4752-1
Source | # ID | Name | URL |
---|---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ | |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3178-1.json | |
Suse | URL for SUSE-SU-2020:3178-1 | https://www.suse.com/support/update/announcement/2020/suse-su-20203178-1/ | |
Suse | E-Mail link for SUSE-SU-2020:3178-1 | https://lists.suse.com/pipermail/sle-security-updates/2020-November/007706.html | |
Bugzilla | SUSE Bug 1173942 | https://bugzilla.suse.com/1173942 | |
Bugzilla | SUSE Bug 1176012 | https://bugzilla.suse.com/1176012 | |
Bugzilla | SUSE Bug 1176382 | https://bugzilla.suse.com/1176382 | |
Bugzilla | SUSE Bug 1176896 | https://bugzilla.suse.com/1176896 | |
CVE | SUSE CVE CVE-2020-0431 page | https://www.suse.com/security/cve/CVE-2020-0431/ | |
CVE | SUSE CVE CVE-2020-11668 page | https://www.suse.com/security/cve/CVE-2020-11668/ | |
CVE | SUSE CVE CVE-2020-14381 page | https://www.suse.com/security/cve/CVE-2020-14381/ | |
CVE | SUSE CVE CVE-2020-25212 page | https://www.suse.com/security/cve/CVE-2020-25212/ |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |