suse-su-2020:3230-1
Vulnerability from csaf_suse
Published
2020-11-06 14:36
Modified
2020-11-06 14:36
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).
- CVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206).
- CVE-2020-25641: Allowed for_each_bvec to support zero len bvec (bsc#1177121).
- CVE-2020-25645: Added transport ports in route lookup for geneve (bsc#1177511).
The following non-security bugs were fixed:
- 9p: Fix memory leak in v9fs_mount (git-fixes).
- ACPI: EC: Reference count query handlers under lock (git-fixes).
- airo: Fix read overflows sending packets (git-fixes).
- ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).
- ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 (git-fixes).
- ASoC: kirkwood: fix IRQ error handling (git-fixes).
- ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions (git-fixes).
- ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 (git-fixes).
- ath10k: fix array out-of-bounds access (git-fixes).
- ath10k: fix memory leak for tpc_stats_final (git-fixes).
- ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).
- Bluetooth: Fix refcount use-after-free issue (git-fixes).
- Bluetooth: guard against controllers sending zero'd events (git-fixes).
- Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes).
- Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes).
- Bluetooth: prefetch channel before killing sock (git-fixes).
- brcmfmac: Fix double freeing in the fmac usb data path (git-fixes).
- btrfs: block-group: do not set the wrong READA flag for btrfs_read_block_groups() (bsc#1176019).
- btrfs: block-group: fix free-space bitmap threshold (bsc#1176019).
- btrfs: block-group: refactor how we delete one block group item (bsc#1176019).
- btrfs: block-group: refactor how we insert a block group item (bsc#1176019).
- btrfs: block-group: refactor how we read one block group item (bsc#1176019).
- btrfs: block-group: rename write_one_cache_group() (bsc#1176019).
- btrfs: do not take an extra root ref at allocation time (bsc#1176019).
- btrfs: drop logs when we've aborted a transaction (bsc#1176019).
- btrfs: fix a race between scrub and block group removal/allocation (bsc#1176019).
- btrfs: fix crash during unmount due to race with delayed inode workers (bsc#1176019).
- btrfs: free block groups after free'ing fs trees (bsc#1176019).
- btrfs: hold a ref on the root on the dead roots list (bsc#1176019).
- btrfs: kill the subvol_srcu (bsc#1176019).
- btrfs: make btrfs_cleanup_fs_roots use the radix tree lock (bsc#1176019).
- btrfs: make inodes hold a ref on their roots (bsc#1176019).
- btrfs: make the extent buffer leak check per fs info (bsc#1176019).
- btrfs: move ino_cache_inode dropping out of btrfs_free_fs_root (bsc#1176019).
- btrfs: move the block group freeze/unfreeze helpers into block-group.c (bsc#1176019).
- btrfs: move the root freeing stuff into btrfs_put_root (bsc#1176019).
- btrfs: remove no longer necessary chunk mutex locking cases (bsc#1176019).
- btrfs: rename member 'trimming' of block group to a more generic name (bsc#1176019).
- btrfs: scrub, only lookup for csums if we are dealing with a data extent (bsc#1176019).
- bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal (git-fixes).
- clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED (git-fixes).
- clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk (git-fixes).
- clk: tegra: Always program PLL_E when enabled (git-fixes).
- clk/ti/adpll: allocate room for terminating null (git-fixes).
- clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes).
- clocksource/drivers/timer-gx6605s: Fixup counter reload (git-fixes).
- cpuidle: Poll for a minimum of 30ns and poll for a tick if lower c-states are disabled (bnc#1176588).
- crypto: dh - check validity of Z before export (bsc#1175718).
- crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718).
- crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718).
- crypto: ecdh - check validity of Z before export (bsc#1175718).
- dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails (git-fixes).
- dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all (git-fixes).
- dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all (git-fixes).
- dmaengine: tegra-apb: Prevent race conditions on channel's freeing (git-fixes).
- dmaengine: zynqmp_dma: fix burst length configuration (git-fixes).
- dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) (git-fixes).
- drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes).
- drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config (git-fixes).
- drm/radeon: revert 'Prefer lower feedback dividers' (bsc#1177384).
- e1000: Do not perform reset in reset_task if we are already down (git-fixes).
- ftrace: Move RCU is watching check after recursion check (git-fixes).
- fuse: do not ignore errors from fuse_writepages_fill() (bsc#1177193).
- gpio: mockup: fix resource leak in error path (git-fixes).
- gpio: rcar: Fix runtime PM imbalance on error (git-fixes).
- gpio: siox: explicitly support only threaded irqs (git-fixes).
- gpio: sprd: Clear interrupt when setting the type as edge (git-fixes).
- gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes).
- hwmon: (applesmc) check status earlier (git-fixes).
- i2c: aspeed: Mask IRQ status to relevant bits (git-fixes).
- i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() (git-fixes).
- i2c: i801: Exclude device from suspend direct complete optimization (git-fixes).
- i2c: tegra: Prevent interrupt triggering after transfer timeout (git-fixes).
- i2c: tegra: Restore pinmux on system resume (git-fixes).
- ieee802154/adf7242: check status of adf7242_read_reg (git-fixes).
- ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes).
- iio: adc: qcom-spmi-adc5: fix driver name (git-fixes).
- Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#954532).
- Input: trackpoint - enable Synaptics trackpoints (git-fixes).
- iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177297).
- iommu/amd: Fix potential @entry null deref (bsc#1177283).
- iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177284).
- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177285).
- iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177286).
- kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979).
- leds: mlxreg: Fix possible buffer overflow (git-fixes).
- lib/mpi: Add mpi_sub_ui() (bsc#1175718).
- locking/rwsem: Disable reader optimistic spinning (bnc#1176588).
- mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes).
- mac80211: skip mpath lookup also for control port tx (git-fixes).
- mac802154: tx: fix use-after-free (git-fixes).
- media: mc-device.c: fix memleak in media_device_register_entity (git-fixes).
- media: smiapp: Fix error handling at NVM reading (git-fixes).
- media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes).
- mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes).
- mmc: core: Rework wp-gpio handling (git-fixes).
- mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes).
- mt76: add missing locking around ampdu action (git-fixes).
- mt76: clear skb pointers from rx aggregation reorder buffer during cleanup (git-fixes).
- mt76: do not use devm API for led classdev (git-fixes).
- mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw (git-fixes).
- mt76: fix LED link time failure (git-fixes).
- mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of cfi_amdstd_setup() (git-fixes).
- mtd: rawnand: gpmi: Fix runtime PM imbalance on error (git-fixes).
- mtd: rawnand: omap_elm: Fix runtime PM imbalance on error (git-fixes).
- net: phy: realtek: fix rtl8211e rx/tx delay config (git-fixes).
- nfs: Fix security label length not being reset (bsc#1176381).
- PCI: Avoid double hpmemsize MMIO window assignment (git-fixes).
- PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979).
- PCI: tegra194: Fix runtime PM imbalance on error (git-fixes).
- PCI: tegra: Fix runtime PM imbalance on error (git-fixes).
- phy: ti: am654: Fix a leak in serdes_am654_probe() (git-fixes).
- pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes).
- Platform: OLPC: Fix memleak in olpc_ec_probe (git-fixes).
- platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes).
- platform/x86: fix kconfig dependency warning for LG_LAPTOP (git-fixes).
- platform/x86: intel_pmc_core: do not create a static struct device (git-fixes).
- platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1175599).
- platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes).
- platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes).
- power: supply: max17040: Correct voltage reading (git-fixes).
- Refresh patches.suse/fnic-to-not-call-scsi_done-for-unhandled-commands.patch (bsc#1168468, bsc#1171675).
- rtc: ds1374: fix possible race condition (git-fixes).
- rtc: sa1100: fix possible race condition (git-fixes).
- s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979).
- sched/fair: Ignore cache hotness for SMT migration (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Use dst group while checking imbalance for NUMA balancer (bnc#1155798 (CPU scheduler functional and performance backports)).
- sched/numa: Avoid creating large imbalances at task creation time (bnc#1176588).
- sched/numa: Check numa balancing information only when enabled (bnc#1176588).
- sched/numa: Use runnable_avg to classify node (bnc#1155798 (CPU scheduler functional and performance backports)).
- scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258).
- serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes).
- serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes).
- serial: 8250_port: Do not service RX FIFO if throttled (git-fixes).
- serial: uartps: Wait for tx_empty in console setup (git-fixes).
- spi: fsl-espi: Only process interrupts for expected events (git-fixes).
- staging:r8188eu: avoid skb_clone for amsdu to msdu conversion (git-fixes).
- thermal: rcar_thermal: Handle probe error gracefully (git-fixes).
- Update config files. Enable ACPI_PCI_SLOT and HOTPLUG_PCI_ACPI (bsc#1177194).
- usb: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes).
- USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes).
- USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes).
- USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes).
- vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1176979).
- vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).
- wlcore: fix runtime pm imbalance in wl1271_tx_work (git-fixes).
- wlcore: fix runtime pm imbalance in wlcore_regdomain_config (git-fixes).
- xen/events: do not use chip_data for legacy IRQs (bsc#1065600).
- yam: fix possible memory leak in yam_init_driver (git-fixes).
Patchnames
SUSE-2020-3230,SUSE-SLE-Module-RT-15-SP2-2020-3230
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).\n- CVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206).\n- CVE-2020-25641: Allowed for_each_bvec to support zero len bvec (bsc#1177121).\n- CVE-2020-25645: Added transport ports in route lookup for geneve (bsc#1177511).\n\nThe following non-security bugs were fixed:\n\n- 9p: Fix memory leak in v9fs_mount (git-fixes).\n- ACPI: EC: Reference count query handlers under lock (git-fixes).\n- airo: Fix read overflows sending packets (git-fixes).\n- ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).\n- ASoC: img-i2s-out: Fix runtime PM imbalance on error (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 (git-fixes).\n- ASoC: kirkwood: fix IRQ error handling (git-fixes).\n- ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions (git-fixes).\n- ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 (git-fixes).\n- ath10k: fix array out-of-bounds access (git-fixes).\n- ath10k: fix memory leak for tpc_stats_final (git-fixes).\n- ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).\n- Bluetooth: Fix refcount use-after-free issue (git-fixes).\n- Bluetooth: guard against controllers sending zero\u0027d events (git-fixes).\n- Bluetooth: Handle Inquiry Cancel error after Inquiry Complete (git-fixes).\n- Bluetooth: L2CAP: handle l2cap config request during open state (git-fixes).\n- Bluetooth: prefetch channel before killing sock (git-fixes).\n- brcmfmac: Fix double freeing in the fmac usb data path (git-fixes).\n- btrfs: block-group: do not set the wrong READA flag for btrfs_read_block_groups() (bsc#1176019).\n- btrfs: block-group: fix free-space bitmap threshold (bsc#1176019).\n- btrfs: block-group: refactor how we delete one block group item (bsc#1176019).\n- btrfs: block-group: refactor how we insert a block group item (bsc#1176019).\n- btrfs: block-group: refactor how we read one block group item (bsc#1176019).\n- btrfs: block-group: rename write_one_cache_group() (bsc#1176019).\n- btrfs: do not take an extra root ref at allocation time (bsc#1176019).\n- btrfs: drop logs when we\u0027ve aborted a transaction (bsc#1176019).\n- btrfs: fix a race between scrub and block group removal/allocation (bsc#1176019).\n- btrfs: fix crash during unmount due to race with delayed inode workers (bsc#1176019).\n- btrfs: free block groups after free\u0027ing fs trees (bsc#1176019).\n- btrfs: hold a ref on the root on the dead roots list (bsc#1176019).\n- btrfs: kill the subvol_srcu (bsc#1176019).\n- btrfs: make btrfs_cleanup_fs_roots use the radix tree lock (bsc#1176019).\n- btrfs: make inodes hold a ref on their roots (bsc#1176019).\n- btrfs: make the extent buffer leak check per fs info (bsc#1176019).\n- btrfs: move ino_cache_inode dropping out of btrfs_free_fs_root (bsc#1176019).\n- btrfs: move the block group freeze/unfreeze helpers into block-group.c (bsc#1176019).\n- btrfs: move the root freeing stuff into btrfs_put_root (bsc#1176019).\n- btrfs: remove no longer necessary chunk mutex locking cases (bsc#1176019).\n- btrfs: rename member \u0027trimming\u0027 of block group to a more generic name (bsc#1176019).\n- btrfs: scrub, only lookup for csums if we are dealing with a data extent (bsc#1176019).\n- bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal (git-fixes).\n- clk: samsung: exynos4: mark \u0027chipid\u0027 clock as CLK_IGNORE_UNUSED (git-fixes).\n- clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk (git-fixes).\n- clk: tegra: Always program PLL_E when enabled (git-fixes).\n- clk/ti/adpll: allocate room for terminating null (git-fixes).\n- clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() (git-fixes).\n- clocksource/drivers/timer-gx6605s: Fixup counter reload (git-fixes).\n- cpuidle: Poll for a minimum of 30ns and poll for a tick if lower c-states are disabled (bnc#1176588).\n- crypto: dh - check validity of Z before export (bsc#1175718).\n- crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718).\n- crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718).\n- crypto: ecdh - check validity of Z before export (bsc#1175718).\n- dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails (git-fixes).\n- dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all (git-fixes).\n- dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all (git-fixes).\n- dmaengine: tegra-apb: Prevent race conditions on channel\u0027s freeing (git-fixes).\n- dmaengine: zynqmp_dma: fix burst length configuration (git-fixes).\n- dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) (git-fixes).\n- drivers: char: tlclk.c: Avoid data race between init and interrupt handler (git-fixes).\n- drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config (git-fixes).\n- drm/radeon: revert \u0027Prefer lower feedback dividers\u0027 (bsc#1177384).\n- e1000: Do not perform reset in reset_task if we are already down (git-fixes).\n- ftrace: Move RCU is watching check after recursion check (git-fixes).\n- fuse: do not ignore errors from fuse_writepages_fill() (bsc#1177193).\n- gpio: mockup: fix resource leak in error path (git-fixes).\n- gpio: rcar: Fix runtime PM imbalance on error (git-fixes).\n- gpio: siox: explicitly support only threaded irqs (git-fixes).\n- gpio: sprd: Clear interrupt when setting the type as edge (git-fixes).\n- gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes).\n- hwmon: (applesmc) check status earlier (git-fixes).\n- i2c: aspeed: Mask IRQ status to relevant bits (git-fixes).\n- i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() (git-fixes).\n- i2c: i801: Exclude device from suspend direct complete optimization (git-fixes).\n- i2c: tegra: Prevent interrupt triggering after transfer timeout (git-fixes).\n- i2c: tegra: Restore pinmux on system resume (git-fixes).\n- ieee802154/adf7242: check status of adf7242_read_reg (git-fixes).\n- ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes).\n- iio: adc: qcom-spmi-adc5: fix driver name (git-fixes).\n- Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 (bsc#954532).\n- Input: trackpoint - enable Synaptics trackpoints (git-fixes).\n- iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE (bsc#1177297).\n- iommu/amd: Fix potential @entry null deref (bsc#1177283).\n- iommu/amd: Re-factor guest virtual APIC (de-)activation code (bsc#1177284).\n- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (bsc#1177285).\n- iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() (bsc#1177286).\n- kABI: Fix kABI for 12856e7acde4 PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979).\n- leds: mlxreg: Fix possible buffer overflow (git-fixes).\n- lib/mpi: Add mpi_sub_ui() (bsc#1175718).\n- locking/rwsem: Disable reader optimistic spinning (bnc#1176588).\n- mac80211: do not allow bigger VHT MPDUs than the hardware supports (git-fixes).\n- mac80211: skip mpath lookup also for control port tx (git-fixes).\n- mac802154: tx: fix use-after-free (git-fixes).\n- media: mc-device.c: fix memleak in media_device_register_entity (git-fixes).\n- media: smiapp: Fix error handling at NVM reading (git-fixes).\n- media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes).\n- mfd: mfd-core: Protect against NULL call-back function pointer (git-fixes).\n- mmc: core: Rework wp-gpio handling (git-fixes).\n- mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models (git-fixes).\n- mt76: add missing locking around ampdu action (git-fixes).\n- mt76: clear skb pointers from rx aggregation reorder buffer during cleanup (git-fixes).\n- mt76: do not use devm API for led classdev (git-fixes).\n- mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw (git-fixes).\n- mt76: fix LED link time failure (git-fixes).\n- mtd: cfi_cmdset_0002: do not free cfi-\u003ecfiq in error path of cfi_amdstd_setup() (git-fixes).\n- mtd: rawnand: gpmi: Fix runtime PM imbalance on error (git-fixes).\n- mtd: rawnand: omap_elm: Fix runtime PM imbalance on error (git-fixes).\n- net: phy: realtek: fix rtl8211e rx/tx delay config (git-fixes).\n- nfs: Fix security label length not being reset (bsc#1176381).\n- PCI: Avoid double hpmemsize MMIO window assignment (git-fixes).\n- PCI/IOV: Mark VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979).\n- PCI: tegra194: Fix runtime PM imbalance on error (git-fixes).\n- PCI: tegra: Fix runtime PM imbalance on error (git-fixes).\n- phy: ti: am654: Fix a leak in serdes_am654_probe() (git-fixes).\n- pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes).\n- Platform: OLPC: Fix memleak in olpc_ec_probe (git-fixes).\n- platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (git-fixes).\n- platform/x86: fix kconfig dependency warning for LG_LAPTOP (git-fixes).\n- platform/x86: intel_pmc_core: do not create a static struct device (git-fixes).\n- platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1175599).\n- platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (git-fixes).\n- platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (git-fixes).\n- power: supply: max17040: Correct voltage reading (git-fixes).\n- Refresh patches.suse/fnic-to-not-call-scsi_done-for-unhandled-commands.patch (bsc#1168468, bsc#1171675).\n- rtc: ds1374: fix possible race condition (git-fixes).\n- rtc: sa1100: fix possible race condition (git-fixes).\n- s390/pci: Mark all VFs as not implementing PCI_COMMAND_MEMORY (bsc#1176979).\n- sched/fair: Ignore cache hotness for SMT migration (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched/fair: Use dst group while checking imbalance for NUMA balancer (bnc#1155798 (CPU scheduler functional and performance backports)).\n- sched/numa: Avoid creating large imbalances at task creation time (bnc#1176588).\n- sched/numa: Check numa balancing information only when enabled (bnc#1176588).\n- sched/numa: Use runnable_avg to classify node (bnc#1155798 (CPU scheduler functional and performance backports)).\n- scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername() (bsc#1177258).\n- serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout (git-fixes).\n- serial: 8250_omap: Fix sleeping function called from invalid context during probe (git-fixes).\n- serial: 8250_port: Do not service RX FIFO if throttled (git-fixes).\n- serial: uartps: Wait for tx_empty in console setup (git-fixes).\n- spi: fsl-espi: Only process interrupts for expected events (git-fixes).\n- staging:r8188eu: avoid skb_clone for amsdu to msdu conversion (git-fixes).\n- thermal: rcar_thermal: Handle probe error gracefully (git-fixes).\n- Update config files. Enable ACPI_PCI_SLOT and HOTPLUG_PCI_ACPI (bsc#1177194).\n- usb: dwc3: Increase timeout for CmdAct cleared by device controller (git-fixes).\n- USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes).\n- USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int (git-fixes).\n- USB: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes).\n- vfio/pci: Decouple PCI_COMMAND_MEMORY bit checks from is_virtfn (bsc#1176979).\n- vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).\n- wlcore: fix runtime pm imbalance in wl1271_tx_work (git-fixes).\n- wlcore: fix runtime pm imbalance in wlcore_regdomain_config (git-fixes).\n- xen/events: do not use chip_data for legacy IRQs (bsc#1065600).\n- yam: fix possible memory leak in yam_init_driver (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3230,SUSE-SLE-Module-RT-15-SP2-2020-3230",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3230-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3230-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203230-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3230-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007730.html"
},
{
"category": "self",
"summary": "SUSE Bug 1065600",
"url": "https://bugzilla.suse.com/1065600"
},
{
"category": "self",
"summary": "SUSE Bug 1155798",
"url": "https://bugzilla.suse.com/1155798"
},
{
"category": "self",
"summary": "SUSE Bug 1168468",
"url": "https://bugzilla.suse.com/1168468"
},
{
"category": "self",
"summary": "SUSE Bug 1171675",
"url": "https://bugzilla.suse.com/1171675"
},
{
"category": "self",
"summary": "SUSE Bug 1175599",
"url": "https://bugzilla.suse.com/1175599"
},
{
"category": "self",
"summary": "SUSE Bug 1175718",
"url": "https://bugzilla.suse.com/1175718"
},
{
"category": "self",
"summary": "SUSE Bug 1176019",
"url": "https://bugzilla.suse.com/1176019"
},
{
"category": "self",
"summary": "SUSE Bug 1176381",
"url": "https://bugzilla.suse.com/1176381"
},
{
"category": "self",
"summary": "SUSE Bug 1176588",
"url": "https://bugzilla.suse.com/1176588"
},
{
"category": "self",
"summary": "SUSE Bug 1176979",
"url": "https://bugzilla.suse.com/1176979"
},
{
"category": "self",
"summary": "SUSE Bug 1177027",
"url": "https://bugzilla.suse.com/1177027"
},
{
"category": "self",
"summary": "SUSE Bug 1177121",
"url": "https://bugzilla.suse.com/1177121"
},
{
"category": "self",
"summary": "SUSE Bug 1177193",
"url": "https://bugzilla.suse.com/1177193"
},
{
"category": "self",
"summary": "SUSE Bug 1177194",
"url": "https://bugzilla.suse.com/1177194"
},
{
"category": "self",
"summary": "SUSE Bug 1177206",
"url": "https://bugzilla.suse.com/1177206"
},
{
"category": "self",
"summary": "SUSE Bug 1177258",
"url": "https://bugzilla.suse.com/1177258"
},
{
"category": "self",
"summary": "SUSE Bug 1177283",
"url": "https://bugzilla.suse.com/1177283"
},
{
"category": "self",
"summary": "SUSE Bug 1177284",
"url": "https://bugzilla.suse.com/1177284"
},
{
"category": "self",
"summary": "SUSE Bug 1177285",
"url": "https://bugzilla.suse.com/1177285"
},
{
"category": "self",
"summary": "SUSE Bug 1177286",
"url": "https://bugzilla.suse.com/1177286"
},
{
"category": "self",
"summary": "SUSE Bug 1177297",
"url": "https://bugzilla.suse.com/1177297"
},
{
"category": "self",
"summary": "SUSE Bug 1177384",
"url": "https://bugzilla.suse.com/1177384"
},
{
"category": "self",
"summary": "SUSE Bug 1177511",
"url": "https://bugzilla.suse.com/1177511"
},
{
"category": "self",
"summary": "SUSE Bug 954532",
"url": "https://bugzilla.suse.com/954532"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25212 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25212/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25641 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25641/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25643 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25643/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25645 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25645/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2020-11-06T14:36:12Z",
"generator": {
"date": "2020-11-06T14:36:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3230-1",
"initial_release_date": "2020-11-06T14:36:12Z",
"revision_history": [
{
"date": "2020-11-06T14:36:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.3.18-13.1.noarch",
"product": {
"name": "kernel-devel-rt-5.3.18-13.1.noarch",
"product_id": "kernel-devel-rt-5.3.18-13.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.3.18-13.1.noarch",
"product": {
"name": "kernel-source-rt-5.3.18-13.1.noarch",
"product_id": "kernel-source-rt-5.3.18-13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-5.3.18-13.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-5.3.18-13.1.x86_64",
"product_id": "cluster-md-kmp-rt_debug-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.3.18-13.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.3.18-13.1.x86_64",
"product_id": "dlm-kmp-rt-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-5.3.18-13.1.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-5.3.18-13.1.x86_64",
"product_id": "dlm-kmp-rt_debug-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.3.18-13.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.3.18-13.1.x86_64",
"product_id": "gfs2-kmp-rt-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-5.3.18-13.1.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-5.3.18-13.1.x86_64",
"product_id": "gfs2-kmp-rt_debug-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.3.18-13.1.x86_64",
"product": {
"name": "kernel-rt-5.3.18-13.1.x86_64",
"product_id": "kernel-rt-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.3.18-13.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.3.18-13.1.x86_64",
"product_id": "kernel-rt-devel-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.3.18-13.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.3.18-13.1.x86_64",
"product_id": "kernel-rt-extra-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.3.18-13.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.3.18-13.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.3.18-13.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.3.18-13.1.x86_64",
"product_id": "kernel-rt_debug-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-5.3.18-13.1.x86_64",
"product": {
"name": "kernel-rt_debug-extra-5.3.18-13.1.x86_64",
"product_id": "kernel-rt_debug-extra-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-livepatch-devel-5.3.18-13.1.x86_64",
"product": {
"name": "kernel-rt_debug-livepatch-devel-5.3.18-13.1.x86_64",
"product_id": "kernel-rt_debug-livepatch-devel-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.3.18-13.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.3.18-13.1.x86_64",
"product_id": "kernel-syms-rt-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.3.18-13.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.3.18-13.1.x86_64",
"product_id": "kselftests-kmp-rt-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-5.3.18-13.1.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-5.3.18-13.1.x86_64",
"product_id": "kselftests-kmp-rt_debug-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.3.18-13.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.3.18-13.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-5.3.18-13.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-5.3.18-13.1.x86_64",
"product_id": "ocfs2-kmp-rt_debug-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.3.18-13.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.3.18-13.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.3.18-13.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt_debug-5.3.18-13.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt_debug-5.3.18-13.1.x86_64",
"product_id": "reiserfs-kmp-rt_debug-5.3.18-13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP2",
"product": {
"name": "SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-5.3.18-13.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-5.3.18-13.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64"
},
"product_reference": "dlm-kmp-rt-5.3.18-13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-5.3.18-13.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-5.3.18-13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-5.3.18-13.1.noarch as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch"
},
"product_reference": "kernel-devel-rt-5.3.18-13.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-13.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-5.3.18-13.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64"
},
"product_reference": "kernel-rt-devel-5.3.18-13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-5.3.18-13.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.3.18-13.1.noarch as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch"
},
"product_reference": "kernel-source-rt-5.3.18-13.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-5.3.18-13.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64"
},
"product_reference": "kernel-syms-rt-5.3.18-13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-5.3.18-13.1.x86_64 as component of SUSE Real Time Module 15 SP2",
"product_id": "SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-5.3.18-13.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25212"
}
],
"notes": [
{
"category": "general",
"text": "A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25212",
"url": "https://www.suse.com/security/cve/CVE-2020-25212"
},
{
"category": "external",
"summary": "SUSE Bug 1176381 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1176381"
},
{
"category": "external",
"summary": "SUSE Bug 1176382 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1176382"
},
{
"category": "external",
"summary": "SUSE Bug 1177027 for CVE-2020-25212",
"url": "https://bugzilla.suse.com/1177027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-06T14:36:12Z",
"details": "important"
}
],
"title": "CVE-2020-25212"
},
{
"cve": "CVE-2020-25641",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25641"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25641",
"url": "https://www.suse.com/security/cve/CVE-2020-25641"
},
{
"category": "external",
"summary": "SUSE Bug 1177121 for CVE-2020-25641",
"url": "https://bugzilla.suse.com/1177121"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-06T14:36:12Z",
"details": "moderate"
}
],
"title": "CVE-2020-25641"
},
{
"cve": "CVE-2020-25643",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25643"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25643",
"url": "https://www.suse.com/security/cve/CVE-2020-25643"
},
{
"category": "external",
"summary": "SUSE Bug 1177206 for CVE-2020-25643",
"url": "https://bugzilla.suse.com/1177206"
},
{
"category": "external",
"summary": "SUSE Bug 1177226 for CVE-2020-25643",
"url": "https://bugzilla.suse.com/1177226"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-06T14:36:12Z",
"details": "important"
}
],
"title": "CVE-2020-25643"
},
{
"cve": "CVE-2020-25645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25645"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25645",
"url": "https://www.suse.com/security/cve/CVE-2020-25645"
},
{
"category": "external",
"summary": "SUSE Bug 1177511 for CVE-2020-25645",
"url": "https://bugzilla.suse.com/1177511"
},
{
"category": "external",
"summary": "SUSE Bug 1177513 for CVE-2020-25645",
"url": "https://bugzilla.suse.com/1177513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Real Time Module 15 SP2:cluster-md-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:dlm-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:gfs2-kmp-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-devel-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-rt_debug-devel-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:kernel-source-rt-5.3.18-13.1.noarch",
"SUSE Real Time Module 15 SP2:kernel-syms-rt-5.3.18-13.1.x86_64",
"SUSE Real Time Module 15 SP2:ocfs2-kmp-rt-5.3.18-13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-06T14:36:12Z",
"details": "important"
}
],
"title": "CVE-2020-25645"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…