Details
-
Improvement
-
Resolution: Won't Fix
-
Minor
-
None
-
None
-
None
-
9223372036854775807
Description
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket
creation could have been used by local attackers to create raw sockets,
bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory
corruption or a denial of service when changing screen size
(bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow
(bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free
(bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds
check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root
cause (bsc#1176423). - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow
(bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to
rbd devices, which could have been leveraged by local attackers to map
or unmap rbd block devices (bsc#1176482). - CVE-2020-14381: Fixed requeue paths such that filp was valid when
dropping the references (bsc#1176011). - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr
function which could have led to memory corruption and read overflow
(bsc#1177206). - CVE-2020-25641: Fixed ann issue where length bvec was causing
softlockups (bsc#1177121).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2020-October/007544.html