Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 438
Alerts This Week
Warning Icon 1 438

SUSE: 2021:0377-1 Important: Linux Kernel Live Patch 13 for SLE 15 SP1

suse
Calendar Grey February 10, 2021
Dist Suse Esm H88
SUSE Security update: Important patch for Linux Kernel addressing multiple vulnerabilities. Essential for system integrity.
An update that fixes 7 vulnerabilities is now available

Summary

This update for the Linux Kernel 4.12.14-197_48 fixes several issues. The following security issues were fixed: - CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180562). - CVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180030). - CVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180032. - CVE-2020-29569: Fixed a use after free due to a logic error (bsc#1180008). - CVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bsc#1179877). - CVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed

References

#1179664 #1179877 #1180008 #1180030 #1180032

#1180562

Cross- CVE-2020-0465 CVE-2020-0466 CVE-2020-29368

CVE-2020-29569 CVE-2020-29660 CVE-2020-29661

CVE-2020-36158

CVSS scores:

CVE-2020-0465 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-0465 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-0466 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-0466 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-29368 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-29368 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-29569 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2020-29569 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0377-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.