Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

SUSE: 2020:3718-1 Major Update: Kernel Security Patches for Users

suse
Calendar Grey December 9, 2020
Dist Suse Esm H88
SUSE has released a critical Security Update that rectifies significant kernel vulnerabilities across various products, necessitating user intervention to ensure continued system protection.
An update that solves 7 vulnerabilities and has 36 fixes is now available

Summary

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141). - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could

References

#1050549 #1067665 #1111666 #1112178 #1158775

#1170139 #1170630 #1172542 #1174726 #1175916

#1176109 #1177304 #1177397 #1177805 #1177808

#1177819 #1177820 #1178182 #1178589 #1178635

#1178669 #1178838 #1178853 #1178854 #1178878

#1178886 #1178897 #1178940 #1178962 #1179107

#1179140 #1179141 #1179211 #1179213 #1179259

#1179403 #1179406 #1179418 #1179421 #1179424

#1179426 #1179427 #1179429

Cross- CVE-2020-15436 CVE-2020-15437 CVE-2020-25669

CVE-2020-27777 CVE-2020-28915 CVE-2020-28974

CVE-2020-29371

Affected Products:

SUSE Linux Enterprise Workstation Extension 15-SP1

SUSE Linux Enterprise Module for Live Patching 15-SP1

SUSE Linux Enterprise Module for Legacy Software 15-SP1

SUSE Linux Enterprise Module for D...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:3718-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.