SUSE: 2020:2121-1 Important: Kernel Escalation Risk and Fixes

August 4, 2020
SUSE Vulnerability Alert: Kernel patches addressing severe security flaws in Linux environments along with imperative enhancements for system efficiency.
An update that solves 15 vulnerabilities and has 37 fixes is now available.

Summary

The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).
- CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).
- CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by

References

#1051510 #1065729 #1071995 #1085030 #1104967

#1114279 #1144333 #1148868 #1150660 #1152107

#1152472 #1152624 #1158983 #1159058 #1161016

#1162002 #1162063 #1168081 #1169194 #1169514

#1169795 #1170011 #1170592 #1170618 #1171124

#1171424 #1171558 #1171673 #1171732 #1171761

#1171868 #1171904 #1172257 #1172344 #1172458

#1172484 #1172759 #1172775 #1172781 #1172782

#1172783 #1172999 #1173265 #1173280 #1173428

#1173462 #1173514 #1173567 #1173573 #1174115

#1174462 #1174543

Cross-References: CVE-2019-16746 CVE-2019-20810 CVE-2019-20908

CVE-2020-0305 CVE-2020-10766 CVE-2020-10767

CVE-2020-10768 CVE-2020-10769 CVE-2020-10773

CVE-2020-12771 CVE-2020-12888 CVE-2020-13974

CVE-2020-14416 CVE-2020-15393 CVE-2020-15780

...


Severity: important

Announcement ID: SUSE-SU-2020:2121-1
Rating: important
