{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"\n\nThe openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-14314: Fixed potential negative array index in do_split() in ext4 (bsc#1173798).\n- CVE-2020-14386: Fixed an overflow in af_packet, which could lead to local privilege escalation (bsc#1176069).\n\n\nThe following non-security bugs were fixed:\n\n- ACPICA: Do not increment operation_region reference counts for field units (git-fixes).\n- ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes).\n- ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes).\n- ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes).\n- ALSA: hda: avoid reset of sdo_limit (git-fixes).\n- ALSA: isa: fix spelling mistakes in the comments (git-fixes).\n- ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes).\n- ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes).\n- ALSA: usb-audio: ignore broken processing/extension unit (git-fixes).\n- ASoC: intel: Fix memleak in sst_media_open (git-fixes).\n- ASoC: msm8916-wcd-analog: fix register Interrupt offset (git-fixes).\n- ASoC: q6afe-dai: mark all widgets registers as SND_SOC_NOPM (git-fixes).\n- ASoC: q6routing: add dummy register read/write function (git-fixes).\n- ASoC: wm8994: Avoid attempts to read unreadable registers (git-fixes).\n- Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).\n- Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175128).\n- HID: input: Fix devices that return multiple bytes in battery report (git-fixes).\n- Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes).\n- KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729).\n- KVM: Reinstall old memslots if arch preparation fails (bsc#1133021).\n- KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021).\n- KVM: x86: Fix APIC page invalidation race (bsc#1133021).\n- PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, git-fixes).\n- RDMA/mlx5: Add missing srcu_read_lock in ODP implicit flow (jsc#SLE-8446).\n- RDMA/mlx5: Fix typo in enum name (git-fixes).\n- Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (bsc#1171688 bsc#1174003).\n- Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (bsc#1171688 bsc#1174003).\n- bdc: Fix bug causing crash after multiple disconnects (git-fixes).\n- bfq: fix blkio cgroup leakage v4 (bsc#1175775).\n- block: Fix the type of 'sts' in bsg_queue_rq() (git-fixes).\n- bnxt_en: fix NULL dereference in case SR-IOV configuration fails (networking-stable-20_07_17).\n- bonding: fix active-backup failover for current ARP slave (bsc#1174771).\n- brcmfmac: To fix Bss Info flag definition Bug (git-fixes).\n- brcmfmac: keep SDIO watchdog running when console_interval is non-zero (git-fixes).\n- brcmfmac: set state of hanger slot to FREE when flushing PSQ (git-fixes).\n- btrfs: add helper to get the end offset of a file extent item (bsc#1175546).\n- btrfs: factor out inode items copy loop from btrfs_log_inode() (bsc#1175546).\n- btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550).\n- btrfs: fix missing file extent item for hole after ranged fsync (bsc#1175546).\n- btrfs: make full fsyncs always operate on the entire file again (bsc#1175546).\n- btrfs: make ranged full fsyncs more efficient (bsc#1175546).\n- btrfs: remove useless check for copy_items() return value (bsc#1175546).\n- btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493).\n- config/x86_64: Make CONFIG_PINCTRL_AMD=y (bsc#1174800) The pinctrl driver has to be initialized before hid-i2c and others. For assuring it, change it built-in, since we can't put the module ordering. This change follows the SLE15-SP2 kernel behavior.\n- cpumap: Use non-locked version __ptr_ring_consume_batched (git-fixes).\n- crypto: aesni - Fix build with LLVM_IAS=1 (git-fixes).\n- crypto: aesni - add compatibility with IAS (git-fixes).\n- dlm: Fix kobject memleak (bsc#1175768).\n- drm/amd/display: Fix EDID parsing after resume from suspend (git-fixes).\n- drm/amd/display: fix pow() crashing when given base 0 (git-fixes).\n- drm/amd/powerplay: fix compile error with ARCH=arc (git-fixes).\n- drm/amdgpu/display bail early in dm_pp_get_static_clocks (git-fixes).\n- drm/amdgpu: avoid dereferencing a NULL pointer (git-fixes).\n- drm/debugfs: fix plain echo to connector 'force' attribute (git-fixes).\n- drm/etnaviv: fix ref count leak via pm_runtime_get_sync (git-fixes).\n- drm/msm: ratelimit crtc event overflow error (git-fixes).\n- drm/nouveau/kms/nv50-: Fix disabling dithering (git-fixes).\n- drm/nouveau: fix multiple instances of reference count leaks (git-fixes).\n- drm/nouveau: fix reference count leak in nouveau_debugfs_strap_peek (git-fixes).\n- drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (git-fixes).\n- drm/radeon: disable AGP by default (git-fixes).\n- drm/tilcdc: fix leak & null ref in panel_connector_get_modes (git-fixes).\n- drm/ttm/nouveau: do not call tt destroy callback on alloc failure (git-fixes bsc#1175232).\n- drm: msm: a6xx: fix gpu failure after system resume (git-fixes).\n- dyndbg: fix a BUG_ON in ddebug_describe_flags (git-fixes).\n- enetc: Fix tx rings bitmap iteration range, irq handling (networking-stable-20_06_28).\n- ext2: fix missing percpu_counter_inc (bsc#1175774).\n- ext4: check journal inode extents more carefully (bsc#1173485).\n- ext4: do not BUG on inconsistent journal feature (bsc#1171634).\n- ext4: do not allow overlapping system zones (bsc#1173485).\n- ext4: fix checking of directory entry validity for inline directories (bsc#1175771).\n- ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485).\n- genetlink: remove genl_bind (networking-stable-20_07_17).\n- gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (git-fixes).\n- i2c: i801: Add support for Intel Comet Lake PCH-V (jsc#SLE-13411).\n- i2c: i801: Add support for Intel Emmitsburg PCH (jsc#SLE-13411).\n- i2c: i801: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411).\n- ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506).\n- ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922).\n- ice: Clear and free XLT entries on reset (jsc#SLE-7926).\n- ice: Graceful error handling in HW table calloc failure (jsc#SLE-7926).\n- igc: Fix PTP initialization (bsc#1160634).\n- ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes).\n- ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28).\n- ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28).\n- ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17).\n- ipv6: Fix use of anycast address with loopback (networking-stable-20_07_17).\n- ipv6: fib6_select_path can not use out path for nexthop objects (networking-stable-20_07_17).\n- ipvs: fix the connection sync failed in some cases (bsc#1174699).\n- iwlegacy: Check the return value of pcie_capability_read_*() (git-fixes).\n- jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772).\n- kABI: genetlink: remove genl_bind (kabi).\n- kabi/severities: ignore KABI for NVMe, except nvme-fc (bsc#1174777) Exported symbols under drivers/nvme/host/ are only used by the nvme subsystem itself, except for the nvme-fc symbols.\n- kabi/severities: ignore qla2xxx as all symbols are internal\n- kernel/relay.c: fix memleak on destroy relay channel (git-fixes).\n- kernfs: do not call fsnotify() with name without a parent (bsc#1175770).\n- l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17).\n- llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17).\n- md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes).\n- md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes).\n- media: budget-core: Improve exception handling in budget_register() (git-fixes).\n- media: camss: fix memory leaks on error handling paths in probe (git-fixes).\n- media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic (git-fixes).\n- media: rockchip: rga: Only set output CSC mode for RGB input (git-fixes).\n- media: vpss: clean up resources in init (git-fixes).\n- mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs (jsc#SLE-13411).\n- mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28).\n- mlxsw: pci: Fix use-after-free in case of failed devlink reload (networking-stable-20_07_17).\n- mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() (networking-stable-20_07_17).\n- mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691).\n- mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617).\n- mm: filemap: clear idle flag for writes (bsc#1175769).\n- mmc: sdhci-cadence: do not use hardware tuning for SD mode (git-fixes).\n- mmc: sdhci-pci-o2micro: Bug fix for O2 host controller Seabird1 (git-fixes).\n- mvpp2: ethtool rxtx stats fix (networking-stable-20_06_28).\n- net/mlx5: DR, Change push vlan action sequence (jsc#SLE-8464).\n- net/mlx5: Fix eeprom support for SFP module (networking-stable-20_07_17).\n- net/mlx5e: Fix 50G per lane indication (networking-stable-20_07_17).\n- net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (networking-stable-20_07_17).\n- net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28).\n- net: Fix the arp error in some cases (networking-stable-20_06_28).\n- net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28).\n- net: core: reduce recursion limit value (networking-stable-20_06_28).\n- net: dsa: microchip: set the correct number of ports (networking-stable-20_07_17).\n- net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1154492).\n- net: ena: Make missed_tx stat incremental (git-fixes).\n- net: ena: Prevent reset after device destruction (git-fixes).\n- net: fix memleak in register_netdevice() (networking-stable-20_06_28).\n- net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28).\n- net: mvneta: fix use of state->speed (networking-stable-20_07_17).\n- net: qrtr: Fix an out of bounds read qrtr_endpoint_post() (networking-stable-20_07_17).\n- net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28).\n- net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17).\n- net_sched: fix a memory leak in atm_tc_init() (networking-stable-20_07_17).\n- nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108).\n- nvme-multipath: fix logic for non-optimized paths (bsc#1172108).\n- nvme-multipath: round-robin: eliminate 'fallback' variable (bsc#1172108).\n- nvme-multipath: set bdi capabilities once (bsc#1159058).\n- nvme-pci: Re-order nvme_pci_free_ctrl (bsc#1159058).\n- nvme-rdma: Add warning on state change failure at (bsc#1159058).\n- nvme-tcp: Add warning on state change failure at (bsc#1159058).\n- nvme-tcp: fix possible crash in write_zeroes processing (bsc#1159058).\n- nvme: Fix controller creation races with teardown flow (bsc#1159058).\n- nvme: Fix ctrl use-after-free during sysfs deletion (bsc#1159058).\n- nvme: Make nvme_uninit_ctrl symmetric to nvme_init_ctrl (bsc#1159058).\n- nvme: Remove unused return code from nvme_delete_ctrl_sync (bsc#1159058).\n- nvme: add a Identify Namespace Identification Descriptor list quirk (git-fixes).\n- nvme: always search for namespace head (bsc#1159058).\n- nvme: avoid an Identify Controller command for each namespace (bsc#1159058).\n- nvme: check namespace head shared property (bsc#1159058).\n- nvme: clean up nvme_scan_work (bsc#1159058).\n- nvme: cleanup namespace identifier reporting in (bsc#1159058).\n- nvme: consolidate chunk_sectors settings (bsc#1159058).\n- nvme: consolodate io settings (bsc#1159058).\n- nvme: expose hostid via sysfs for fabrics controllers (bsc#1159058).\n- nvme: expose hostnqn via sysfs for fabrics controllers (bsc#1159058).\n- nvme: factor out a nvme_ns_remove_by_nsid helper (bsc#1159058).\n- nvme: fix a crash in nvme_mpath_add_disk (git-fixes, bsc#1159058).\n- nvme: fix identify error status silent ignore (git-fixes, bsc#1159058).\n- nvme: fix possible hang when ns scanning fails during error (bsc#1159058).\n- nvme: kABI fixes for nvme_ctrl (bsc#1159058).\n- nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108).\n- nvme: prevent double free in nvme_alloc_ns() error handling (bsc#1159058).\n- nvme: provide num dword helper (bsc#1159058).\n- nvme: refactor nvme_identify_ns_descs error handling (bsc#1159058).\n- nvme: refine the Qemu Identify CNS quirk (bsc#1159058).\n- nvme: release ida resources (bsc#1159058).\n- nvme: release namespace head reference on error (bsc#1159058).\n- nvme: remove the magic 1024 constant in nvme_scan_ns_list (bsc#1159058).\n- nvme: remove unused parameter (bsc#1159058).\n- nvme: rename __nvme_find_ns_head to nvme_find_ns_head (bsc#1159058).\n- nvme: revalidate after verifying identifiers (bsc#1159058).\n- nvme: revalidate namespace stream parameters (bsc#1159058).\n- nvme: unlink head after removing last namespace (bsc#1159058).\n- openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len (networking-stable-20_06_28).\n- platform/x86: ISST: Add new PCI device ids (git-fixes).\n- platform/x86: asus-nb-wmi: add support for ASUS ROG Zephyrus G14 and G15 (git-fixes).\n- powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729).\n- powerpc/fadump: Fix build error with CONFIG_PRESERVE_FA_DUMP=y (bsc#1156395).\n- powerpc/iommu: Allow bypass-only for DMA (bsc#1156395).\n- powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729).\n- powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630).\n- powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574).\n- pseries: Fix 64 bit logical memory block panic (bsc#1065729).\n- rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28).\n- rtc: goldfish: Enable interrupt in set_alarm() when necessary (git-fixes).\n- sch_cake: do not call diffserv parsing code when it is not needed (networking-stable-20_06_28).\n- sch_cake: do not try to reallocate or unshare skb unconditionally (networking-stable-20_06_28).\n- sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17).\n- scsi/fc: kABI fixes for new ELS_RPD definition (bsc#1171688 bsc#1174003).\n- scsi: Fix trivial spelling (bsc#1171688 bsc#1174003).\n- scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026).\n- scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003).\n- scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003).\n- scsi: smartpqi: Identify physical devices without issuing INQUIRY (bsc#1172418).\n- scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418).\n- scsi: smartpqi: add RAID bypass counter (bsc#1172418).\n- scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418).\n- scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418).\n- scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418).\n- scsi: smartpqi: support device deletion via sysfs (bsc#1172418).\n- scsi: smartpqi: update logical volume size after expansion (bsc#1172418).\n- scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790).\n- sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28).\n- selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995).\n- selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995).\n- selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995).\n- selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995).\n- serial: 8250: change lock order in serial8250_do_startup() (git-fixes).\n- serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes).\n- serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes).\n- soc/tegra: pmc: Enable PMIC wake event on Tegra194 (bsc#1175834).\n- soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag (git-fixes).\n- spi: pxa2xx: Add support for Intel Tiger Lake PCH-H (jsc#SLE-13411).\n- spi: spidev: Align buffers for DMA (git-fixes).\n- spi: stm32: fixes suspend/resume management (git-fixes).\n- tcp: do not ignore ECN CWR on pure ACK (networking-stable-20_06_28).\n- tcp: fix SO_RCVLOWAT possible hangs under high mem pressure (networking-stable-20_07_17).\n- tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28).\n- tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17).\n- tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17).\n- tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17).\n- tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17).\n- tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28).\n- tracepoint: Mark __tracepoint_string's __used (git-fixes).\n- tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes).\n- usb: bdc: Halt controller on suspend (git-fixes).\n- usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes).\n- usb: mtu3: clear dual mode of u3port when disable device (git-fixes).\n- video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).\n- video: fbdev: savage: fix memory leak on error handling path in probe (git-fixes).\n- vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17).\n- vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199).\n- x86/bugs/multihit: Fix mitigation reporting when VMX is not in use (git-fixes).\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2020-1382","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1382-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2020:1382-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZQA73YKYLNFVSY2PY7W2M2F3PSXXE566/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2020:1382-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZQA73YKYLNFVSY2PY7W2M2F3PSXXE566/"},{"category":"self","summary":"SUSE Bug 1065729","url":"https://bugzilla.suse.com/1065729"},{"category":"self","summary":"SUSE Bug 1071995","url":"https://bugzilla.suse.com/1071995"},{"category":"self","summary":"SUSE Bug 1085030","url":"https://bugzilla.suse.com/1085030"},{"category":"self","summary":"SUSE Bug 1133021","url":"https://bugzilla.suse.com/1133021"},{"category":"self","summary":"SUSE Bug 1154492","url":"https://bugzilla.suse.com/1154492"},{"category":"self","summary":"SUSE Bug 1156395","url":"https://bugzilla.suse.com/1156395"},{"category":"self","summary":"SUSE Bug 1159058","url":"https://bugzilla.suse.com/1159058"},{"category":"self","summary":"SUSE Bug 1160634","url":"https://bugzilla.suse.com/1160634"},{"category":"self","summary":"SUSE Bug 1169790","url":"https://bugzilla.suse.com/1169790"},{"category":"self","summary":"SUSE Bug 1171634","url":"https://bugzilla.suse.com/1171634"},{"category":"self","summary":"SUSE Bug 1171688","url":"https://bugzilla.suse.com/1171688"},{"category":"self","summary":"SUSE Bug 1172108","url":"https://bugzilla.suse.com/1172108"},{"category":"self","summary":"SUSE Bug 1172418","url":"https://bugzilla.suse.com/1172418"},{"category":"self","summary":"SUSE Bug 1172871","url":"https://bugzilla.suse.com/1172871"},{"category":"self","summary":"SUSE Bug 1173485","url":"https://bugzilla.suse.com/1173485"},{"category":"self","summary":"SUSE Bug 1173798","url":"https://bugzilla.suse.com/1173798"},{"category":"self","summary":"SUSE Bug 1174003","url":"https://bugzilla.suse.com/1174003"},{"category":"self","summary":"SUSE Bug 1174026","url":"https://bugzilla.suse.com/1174026"},{"category":"self","summary":"SUSE Bug 1174387","url":"https://bugzilla.suse.com/1174387"},{"category":"self","summary":"SUSE Bug 1174699","url":"https://bugzilla.suse.com/1174699"},{"category":"self","summary":"SUSE Bug 1174771","url":"https://bugzilla.suse.com/1174771"},{"category":"self","summary":"SUSE Bug 1174777","url":"https://bugzilla.suse.com/1174777"},{"category":"self","summary":"SUSE Bug 1174800","url":"https://bugzilla.suse.com/1174800"},{"category":"self","summary":"SUSE Bug 1175128","url":"https://bugzilla.suse.com/1175128"},{"category":"self","summary":"SUSE Bug 1175199","url":"https://bugzilla.suse.com/1175199"},{"category":"self","summary":"SUSE Bug 1175232","url":"https://bugzilla.suse.com/1175232"},{"category":"self","summary":"SUSE Bug 1175440","url":"https://bugzilla.suse.com/1175440"},{"category":"self","summary":"SUSE Bug 1175493","url":"https://bugzilla.suse.com/1175493"},{"category":"self","summary":"SUSE Bug 1175546","url":"https://bugzilla.suse.com/1175546"},{"category":"self","summary":"SUSE Bug 1175550","url":"https://bugzilla.suse.com/1175550"},{"category":"self","summary":"SUSE Bug 1175654","url":"https://bugzilla.suse.com/1175654"},{"category":"self","summary":"SUSE Bug 1175691","url":"https://bugzilla.suse.com/1175691"},{"category":"self","summary":"SUSE Bug 1175768","url":"https://bugzilla.suse.com/1175768"},{"category":"self","summary":"SUSE Bug 1175769","url":"https://bugzilla.suse.com/1175769"},{"category":"self","summary":"SUSE Bug 1175770","url":"https://bugzilla.suse.com/1175770"},{"category":"self","summary":"SUSE Bug 1175771","url":"https://bugzilla.suse.com/1175771"},{"category":"self","summary":"SUSE Bug 1175772","url":"https://bugzilla.suse.com/1175772"},{"category":"self","summary":"SUSE Bug 1175774","url":"https://bugzilla.suse.com/1175774"},{"category":"self","summary":"SUSE Bug 1175775","url":"https://bugzilla.suse.com/1175775"},{"category":"self","summary":"SUSE Bug 1175834","url":"https://bugzilla.suse.com/1175834"},{"category":"self","summary":"SUSE Bug 1175873","url":"https://bugzilla.suse.com/1175873"},{"category":"self","summary":"SUSE Bug 1176069","url":"https://bugzilla.suse.com/1176069"},{"category":"self","summary":"SUSE CVE CVE-2020-14314 page","url":"https://www.suse.com/security/cve/CVE-2020-14314/"},{"category":"self","summary":"SUSE CVE CVE-2020-14386 page","url":"https://www.suse.com/security/cve/CVE-2020-14386/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2020-09-08T08:23:20Z","generator":{"date":"2020-09-08T08:23:20Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2020:1382-1","initial_release_date":"2020-09-08T08:23:20Z","revision_history":[{"date":"2020-09-08T08:23:20Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-devel-5.3.18-lp152.41.1.noarch","product":{"name":"kernel-devel-5.3.18-lp152.41.1.noarch","product_id":"kernel-devel-5.3.18-lp152.41.1.noarch"}},{"category":"product_version","name":"kernel-docs-5.3.18-lp152.41.1.noarch","product":{"name":"kernel-docs-5.3.18-lp152.41.1.noarch","product_id":"kernel-docs-5.3.18-lp152.41.1.noarch"}},{"category":"product_version","name":"kernel-docs-html-5.3.18-lp152.41.1.noarch","product":{"name":"kernel-docs-html-5.3.18-lp152.41.1.noarch","product_id":"kernel-docs-html-5.3.18-lp152.41.1.noarch"}},{"category":"product_version","name":"kernel-macros-5.3.18-lp152.41.1.noarch","product":{"name":"kernel-macros-5.3.18-lp152.41.1.noarch","product_id":"kernel-macros-5.3.18-lp152.41.1.noarch"}},{"category":"product_version","name":"kernel-source-5.3.18-lp152.41.1.noarch","product":{"name":"kernel-source-5.3.18-lp152.41.1.noarch","product_id":"kernel-source-5.3.18-lp152.41.1.noarch"}},{"category":"product_version","name":"kernel-source-vanilla-5.3.18-lp152.41.1.noarch","product":{"name":"kernel-source-vanilla-5.3.18-lp152.41.1.noarch","product_id":"kernel-source-vanilla-5.3.18-lp152.41.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"kernel-debug-5.3.18-lp152.41.1.x86_64","product":{"name":"kernel-debug-5.3.18-lp152.41.1.x86_64","product_id":"kernel-debug-5.3.18-lp152.41.1.x86_64"}},{"category":"product_version","name":"kernel-debug-devel-5.3.18-lp152.41.1.x86_64","product":{"name":"kernel-debug-devel-5.3.18-lp152.41.1.x86_64","product_id":"kernel-debug-devel-5.3.18-lp152.41.1.x86_64"}},{"category":"product_version","name":"kernel-default-5.3.18-lp152.41.1.x86_64","product":{"name":"kernel-default-5.3.18-lp152.41.1.x86_64","product_id":"kernel-default-5.3.18-lp152.41.1.x86_64"}},{"category":"product_version","name":"kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","product":{"name":"kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","product_id":"kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64"}},{"category":"product_version","name":"kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","product":{"name":"kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","product_id":"kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64"}},{"category":"product_version","name":"kernel-default-devel-5.3.18-lp152.41.1.x86_64","product":{"name":"kernel-default-devel-5.3.18-lp152.41.1.x86_64","product_id":"kernel-default-devel-5.3.18-lp152.41.1.x86_64"}},{"category":"product_version","name":"kernel-kvmsmall-5.3.18-lp152.41.1.x86_64","product":{"name":"kernel-kvmsmall-5.3.18-lp152.41.1.x86_64","product_id":"kernel-kvmsmall-5.3.18-lp152.41.1.x86_64"}},{"category":"product_version","name":"kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64","product":{"name":"kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64","product_id":"kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64"}},{"category":"product_version","name":"kernel-obs-build-5.3.18-lp152.41.1.x86_64","product":{"name":"kernel-obs-build-5.3.18-lp152.41.1.x86_64","product_id":"kernel-obs-build-5.3.18-lp152.41.1.x86_64"}},{"category":"product_version","name":"kernel-obs-qa-5.3.18-lp152.41.1.x86_64","product":{"name":"kernel-obs-qa-5.3.18-lp152.41.1.x86_64","product_id":"kernel-obs-qa-5.3.18-lp152.41.1.x86_64"}},{"category":"product_version","name":"kernel-preempt-5.3.18-lp152.41.1.x86_64","product":{"name":"kernel-preempt-5.3.18-lp152.41.1.x86_64","product_id":"kernel-preempt-5.3.18-lp152.41.1.x86_64"}},{"category":"product_version","name":"kernel-preempt-devel-5.3.18-lp152.41.1.x86_64","product":{"name":"kernel-preempt-devel-5.3.18-lp152.41.1.x86_64","product_id":"kernel-preempt-devel-5.3.18-lp152.41.1.x86_64"}},{"category":"product_version","name":"kernel-syms-5.3.18-lp152.41.1.x86_64","product":{"name":"kernel-syms-5.3.18-lp152.41.1.x86_64","product_id":"kernel-syms-5.3.18-lp152.41.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.2","product":{"name":"openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.2"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-debug-5.3.18-lp152.41.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.41.1.x86_64"},"product_reference":"kernel-debug-5.3.18-lp152.41.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-debug-devel-5.3.18-lp152.41.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.41.1.x86_64"},"product_reference":"kernel-debug-devel-5.3.18-lp152.41.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-5.3.18-lp152.41.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.41.1.x86_64"},"product_reference":"kernel-default-5.3.18-lp152.41.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64"},"product_reference":"kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64"},"product_reference":"kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-devel-5.3.18-lp152.41.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.41.1.x86_64"},"product_reference":"kernel-default-devel-5.3.18-lp152.41.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-devel-5.3.18-lp152.41.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.41.1.noarch"},"product_reference":"kernel-devel-5.3.18-lp152.41.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-docs-5.3.18-lp152.41.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.41.1.noarch"},"product_reference":"kernel-docs-5.3.18-lp152.41.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-docs-html-5.3.18-lp152.41.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.41.1.noarch"},"product_reference":"kernel-docs-html-5.3.18-lp152.41.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-kvmsmall-5.3.18-lp152.41.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.41.1.x86_64"},"product_reference":"kernel-kvmsmall-5.3.18-lp152.41.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64"},"product_reference":"kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-macros-5.3.18-lp152.41.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.41.1.noarch"},"product_reference":"kernel-macros-5.3.18-lp152.41.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-obs-build-5.3.18-lp152.41.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.41.1.x86_64"},"product_reference":"kernel-obs-build-5.3.18-lp152.41.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-obs-qa-5.3.18-lp152.41.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.41.1.x86_64"},"product_reference":"kernel-obs-qa-5.3.18-lp152.41.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-preempt-5.3.18-lp152.41.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.41.1.x86_64"},"product_reference":"kernel-preempt-5.3.18-lp152.41.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-preempt-devel-5.3.18-lp152.41.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.41.1.x86_64"},"product_reference":"kernel-preempt-devel-5.3.18-lp152.41.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-5.3.18-lp152.41.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.41.1.noarch"},"product_reference":"kernel-source-5.3.18-lp152.41.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-vanilla-5.3.18-lp152.41.1.noarch as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.41.1.noarch"},"product_reference":"kernel-source-vanilla-5.3.18-lp152.41.1.noarch","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-syms-5.3.18-lp152.41.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.41.1.x86_64"},"product_reference":"kernel-syms-5.3.18-lp152.41.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"}]},"vulnerabilities":[{"cve":"CVE-2020-14314","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-14314"}],"notes":[{"category":"general","text":"A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.41.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-14314","url":"https://www.suse.com/security/cve/CVE-2020-14314"},{"category":"external","summary":"SUSE Bug 1173798 for CVE-2020-14314","url":"https://bugzilla.suse.com/1173798"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.41.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":2.8,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.41.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-09-08T08:23:20Z","details":"moderate"}],"title":"CVE-2020-14314"},{"cve":"CVE-2020-14386","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-14386"}],"notes":[{"category":"general","text":"A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.41.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-14386","url":"https://www.suse.com/security/cve/CVE-2020-14386"},{"category":"external","summary":"SUSE Bug 1176069 for CVE-2020-14386","url":"https://bugzilla.suse.com/1176069"},{"category":"external","summary":"SUSE Bug 1176072 for CVE-2020-14386","url":"https://bugzilla.suse.com/1176072"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.41.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.4,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2.x86_64","openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.41.1.x86_64","openSUSE Leap 15.2:kernel-source-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.41.1.noarch","openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.41.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-09-08T08:23:20Z","details":"important"}],"title":"CVE-2020-14386"}]}