[SUSE-SU-2020:3190-1] Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1)
Severity
Important
CVEs
4
Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-197_48 fixes several issues.
The following security issues were fixed:
- CVE-2020-14381: Fixed a use-after-free in the fast user mutex (futex) wait operation, which could have lead to memory corruption and possibly privilege escalation (bsc#1176011).
- CVE-2020-25212: A TOCTOU mismatch in the NFS client code could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c (bsc#1176381).
- CVE-2020-14386: Fixed a memory corruption which could have lead to an attacker gaining root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity (bsc#1176069).
- CVE-2020-24394: The NFS server code can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support. This occurs because the current umask is not considered (bsc#1175518).
- ID
- SUSE-SU-2020:3190-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2020/suse-su-20203190-1/
- Published
-
2020-11-05T13:51:28
(3 years ago) - Modified
-
2020-11-05T13:51:28
(3 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2020-1430
- ALAS-2020-1437
- ALAS-2020-1446
- ALAS2-2020-1488
- ALAS2-2020-1495
- ALSA-2020:4431
- ALSA-2021:1578
- ASB-A-175193031
- ELSA-2020-4286
- ELSA-2020-5437
- ELSA-2020-5844
- ELSA-2020-5845
- ELSA-2020-5848
- ELSA-2020-5866
- ELSA-2020-5884
- ELSA-2020-5885
- ELSA-2021-1578
- ELSA-2021-9006
- ELSA-2021-9007
- FEDORA-2020-468121099e
- FEDORA-2020-b858b48b23
- MS:CVE-2020-14381
- MS:CVE-2020-14386
- MS:CVE-2020-24394
- MS:CVE-2020-25212
- openSUSE-SU-2020:1325-1
- openSUSE-SU-2020:1379-1
- openSUSE-SU-2020:1382-1
- openSUSE-SU-2020:1586-1
- openSUSE-SU-2020:1655-1
- openSUSE-SU-2020:1682-1
- openSUSE-SU-2020:1698-1
- openSUSE-SU-2020:2112-1
- openSUSE-SU-2021:0242-1
- RHSA-2020:4286
- RHSA-2020:4289
- RHSA-2020:4331
- RHSA-2020:4431
- RHSA-2020:4609
- RHSA-2020:5437
- RHSA-2020:5441
- RHSA-2021:1578
- RHSA-2021:1739
- SSA:2020-295-01
- SUSE-SU-2020:2540-1
- SUSE-SU-2020:2541-1
- SUSE-SU-2020:2574-1
- SUSE-SU-2020:2575-1
- SUSE-SU-2020:2576-1
- SUSE-SU-2020:2577-1
- SUSE-SU-2020:2578-1
- SUSE-SU-2020:2579-1
- SUSE-SU-2020:2580-1
- SUSE-SU-2020:2582-1
- SUSE-SU-2020:2605-1
- SUSE-SU-2020:2610-1
- SUSE-SU-2020:2623-1
- SUSE-SU-2020:2631-1
- SUSE-SU-2020:2879-1
- SUSE-SU-2020:2904-1
- SUSE-SU-2020:2905-1
- SUSE-SU-2020:2906-1
- SUSE-SU-2020:2907-1
- SUSE-SU-2020:2908-1
- SUSE-SU-2020:2981-1
- SUSE-SU-2020:2999-1
- SUSE-SU-2020:3014-1
- SUSE-SU-2020:3178-1
- SUSE-SU-2020:3180-1
- SUSE-SU-2020:3181-1
- SUSE-SU-2020:3186-1
- SUSE-SU-2020:3187-1
- SUSE-SU-2020:3188-1
- SUSE-SU-2020:3204-1
- SUSE-SU-2020:3210-1
- SUSE-SU-2020:3219-1
- SUSE-SU-2020:3222-1
- SUSE-SU-2020:3225-1
- SUSE-SU-2020:3230-1
- SUSE-SU-2020:3281-1
- SUSE-SU-2020:3484-1
- SUSE-SU-2020:3491-1
- SUSE-SU-2020:3501-1
- SUSE-SU-2020:3503-1
- SUSE-SU-2020:3532-1
- SUSE-SU-2020:3544-1
- USN-4465-1
- USN-4483-1
- USN-4485-1
- USN-4489-1
- USN-4525-1
- USN-4527-1
- USN-4578-1
- USN-4752-1
Source | # ID | Name | URL |
---|---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ | |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3190-1.json | |
Suse | URL for SUSE-SU-2020:3190-1 | https://www.suse.com/support/update/announcement/2020/suse-su-20203190-1/ | |
Suse | E-Mail link for SUSE-SU-2020:3190-1 | https://lists.suse.com/pipermail/sle-security-updates/2020-November/007708.html | |
Bugzilla | SUSE Bug 1175992 | https://bugzilla.suse.com/1175992 | |
Bugzilla | SUSE Bug 1176012 | https://bugzilla.suse.com/1176012 | |
Bugzilla | SUSE Bug 1176072 | https://bugzilla.suse.com/1176072 | |
Bugzilla | SUSE Bug 1176382 | https://bugzilla.suse.com/1176382 | |
CVE | SUSE CVE CVE-2020-14381 page | https://www.suse.com/security/cve/CVE-2020-14381/ | |
CVE | SUSE CVE CVE-2020-14386 page | https://www.suse.com/security/cve/CVE-2020-14386/ | |
CVE | SUSE CVE CVE-2020-24394 page | https://www.suse.com/security/cve/CVE-2020-24394/ | |
CVE | SUSE CVE CVE-2020-25212 page | https://www.suse.com/security/cve/CVE-2020-25212/ |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |