{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n- CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178123).\n- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n- CVE-2020-25704: Fixed a leak in perf_event_parse_addr_filter() (bsc#1178393).\n- CVE-2020-27777: Restrict RTAS requests from userspace  (bsc#1179107)\n- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n- CVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n- CVE-2020-25705: Fixed an issue which could have allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization (bsc#1175721).\n- CVE-2020-28941: Fixed an issue where local attackers on systems with the speakup driver could cause a local denial of service attack (bsc#1178740).\n- CVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n- CVE-2020-29369: Fixed a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe (bnc#1173504 1179432).\n\nThe following non-security bugs were fixed:\n\n\n- 9P: Cast to loff_t before multiplying (git-fixes).\n- ACPI: button: Add DMI quirk for Medion Akoya E2228T (git-fixes).\n- ACPICA: Add NHLT table signature (bsc#1176200).\n- ACPI: dock: fix enum-conversion warning (git-fixes).\n- ACPI / extlog: Check for RDMSR failure (git-fixes).\n- ACPI: GED: fix -Wformat (git-fixes).\n- ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes).\n- ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).\n- Add bug reference to two hv_netvsc patches (bsc#1178853).\n- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n- ALSA: fix kernel-doc markups (git-fixes).\n- ALSA: hda: fix jack detection with Realtek codecs when in D3 (git-fixes).\n- ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).\n- ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).\n- ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (git-fixes).\n- ALSA: hda/realtek - Add supported mute Led for HP (git-fixes).\n- ALSA: hda/realtek - Enable headphone for ASUS TM420 (git-fixes).\n- ALSA: hda/realtek - Fixed HP headset Mic can't be detected (git-fixes).\n- ALSA: hda/realtek - HP Headset Mic can't detect after boot (git-fixes).\n- ALSA: hda: Reinstate runtime_allow() for all hda controllers (git-fixes).\n- ALSA: mixart: Fix mutex deadlock (git-fixes).\n- ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n- ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n- ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).\n- arm64: bpf: Fix branch offset in JIT (git-fixes).\n- arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (git-fixes).\n- arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (git-fixes).\n- arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (git-fixes).\n- arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (git-fixes).\n- arm64: dts: fsl: DPAA FMan DMA operations are coherent (git-fixes).\n- arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (git-fixes).\n- arm64: dts: imx8mq: Add missing interrupts to GPC (git-fixes).\n- arm64: dts: imx8mq: Fix TMU interrupt property (git-fixes).\n- arm64: dts: zynqmp: Remove additional compatible string for i2c IPs (git-fixes).\n- arm64: kprobe: add checks for ARMv8.3-PAuth combined instructions (git-fixes).\n- arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).\n- arm64: Run ARCH_WORKAROUND_2 enabling code on all CPUs (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes (git-fixes).\n- arm64: tegra: Add missing timeout clock to Tegra210 SDMMC (git-fixes).\n- arm64: vdso: Add '-Bsymbolic' to ldflags (git-fixes).\n- arm64: vdso: Add --eh-frame-hdr to ldflags (git-fixes).\n- ASoC: codecs: wcd9335: Set digital gain range correctly (git-fixes).\n- ASoC: cs42l51: manage mclk shutdown delay (git-fixes).\n- ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (git-fixes).\n- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n- ASoC: qcom: sdm845: set driver name correctly (git-fixes).\n- ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).\n- ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).\n- batman-adv: set .owner to THIS_MODULE (git-fixes).\n- bnxt_en: Avoid sending firmware messages when AER error is detected (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Check abort error state in bnxt_open_nic() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Fix NULL ptr dereference crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Fix regression in workqueue cleanup logic in bnxt_remove_one() (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: Invoke cancel_delayed_work_sync() for PFs also (jsc#SLE-8371 bsc#1153274).\n- bnxt_en: return proper error codes in bnxt_show_temp (git-fixes).\n- bnxt_en: Send HWRM_FUNC_RESET fw command unconditionally (jsc#SLE-8371 bsc#1153274).\n- bpf: Do not rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1155518).\n- bpf: Fix comment for helper bpf_current_task_under_cgroup() (bsc#1155518).\n- bpf: Zero-fill re-used per-cpu map element (bsc#1155518).\n- btrfs: Account for merged patches upstream Move below patches to sorted section.\n- btrfs: cleanup cow block on error (bsc#1178584).\n- btrfs: fix bytes_may_use underflow in prealloc error condtition (bsc#1179217).\n- btrfs: fix metadata reservation for fallocate that leads to transaction aborts (bsc#1179217).\n- btrfs: fix relocation failure due to race with fallocate (bsc#1179217).\n- btrfs: remove item_size member of struct btrfs_clone_extent_info (bsc#1179217).\n- btrfs: rename btrfs_insert_clone_extent() to a more generic name (bsc#1179217).\n- btrfs: rename btrfs_punch_hole_range() to a more generic name (bsc#1179217).\n- btrfs: rename struct btrfs_clone_extent_info to a more generic name (bsc#1179217).\n- btrfs: reschedule if necessary when logging directory items (bsc#1178585).\n- btrfs: send, orphanize first all conflicting inodes when processing references (bsc#1178579).\n- btrfs: send, recompute reference path after orphanization of a directory (bsc#1178581).\n- can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).\n- can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).\n- can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes).\n- can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).\n- can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).\n- can: dev: can_restart(): post buffer from the right context (git-fixes).\n- can: flexcan: flexcan_remove(): disable wakeup completely (git-fixes).\n- can: flexcan: flexcan_setup_stop_mode(): add missing 'req_bit' to stop mode property comment (git-fixes).\n- can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (git-fixes).\n- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n- can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (git-fixes).\n- can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes).\n- can: m_can: m_can_handle_state_change(): fix state change (git-fixes).\n- can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).\n- can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).\n- can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).\n- can: peak_usb: add range checking in decode operations (git-fixes).\n- can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).\n- can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).\n- can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).\n- ceph: add check_session_state() helper and make it global (bsc#1179012).\n- ceph: check session state after bumping session->s_seq (bsc#1179012).\n- ceph: check the sesion state and return false in case it is closed (bsc#1179012).\n- ceph: downgrade warning from mdsmap decode to debug (bsc#1178653).\n- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n- cfg80211: initialize wdev data earlier (git-fixes).\n- cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n- cifs: remove bogus debug code (bsc#1179427).\n- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n- clk: define to_clk_regmap() as inline function (git-fixes).\n- Convert trailing spaces and periods in path components (bsc#1179424).\n- cosa: Add missing kfree in error path of cosa_write (git-fixes).\n- dax: fix detection of dax support for non-persistent memory block devices (bsc#1171073).\n- dax: Fix stack overflow when mounting fsdax pmem device (bsc#1171073).\n- Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch (bsc#1179419)\n- devlink: Make sure devlink instance and port are in same net namespace (bsc#1154353).\n- docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).\n- Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU (bsc#1177353, bsc#1179076).\n- Do not create null.i000.ipa-clones file (bsc#1178330) Kbuild cc-option compiles /dev/null file to test for an option availability. Filter out -fdump-ipa-clones so that null.i000.ipa-clones file is not generated in the process.\n- drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).\n- drivers/net/ethernet: remove incorrectly formatted doc (bsc#1177397).\n- drivers: watchdog: rdc321x_wdt: Fix race condition bugs (git-fixes).\n- Drop sysctl files for dropped archs, add ppc64le and arm (bsc#1178838). Also correct the page size on ppc64.\n- EDAC/amd64: Cache secondary Chip Select registers (bsc#1179001).\n- EDAC/amd64: Find Chip Select memory size using Address Mask (bsc#1179001).\n- EDAC/amd64: Gather hardware information early (bsc#1179001).\n- EDAC/amd64: Initialize DIMM info for systems with more than two channels (bsc#1179001).\n- EDAC/amd64: Make struct amd64_family_type global (bsc#1179001).\n- EDAC/amd64: Save max number of controllers to family type (bsc#1179001). \n- EDAC/amd64: Support asymmetric dual-rank DIMMs (bsc#1179001).\n- efi: add missed destroy_workqueue when efisubsys_init fails (git-fixes).\n- efi: efibc: check for efivars write capability (git-fixes).\n- efi: EFI_EARLYCON should depend on EFI (git-fixes).\n- efi/efivars: Set generic ops before loading SSDT (git-fixes).\n- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n- efi/libstub/x86: Work around LLVM ELF quirk build regression (git-fixes).\n- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n- efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n- efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes).\n- efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (git-fixes).\n- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n- efi/x86: Fix the deletion of variables in mixed mode (git-fixes).\n- efi/x86: Free efi_pgd with free_pages() (git-fixes).\n- efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (git-fixes).\n- efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n- exfat: fix name_hash computation on big endian systems (git-fixes).\n- exfat: fix overflow issue in exfat_cluster_to_sector() (git-fixes).\n- exfat: fix possible memory leak in exfat_find() (git-fixes).\n- exfat: fix use of uninitialized spinlock on error path (git-fixes).\n- exfat: fix wrong hint_stat initialization in exfat_find_dir_entry() (git-fixes).\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (git-fixes).\n- Fix wrongly set CONFIG_SOUNDWIRE=y (bsc#1179201) CONFIG_SOUNDWIRE was mistakenly set as built-in. Mark it as module.\n- ftrace: Fix recursion check for NMI test (git-fixes).\n- ftrace: Handle tracing when switching between context (git-fixes).\n- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1149032).\n- futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1149032).\n- gpio: pcie-idio-24: Enable PEX8311 interrupts (git-fixes).\n- gpio: pcie-idio-24: Fix IRQ Enable Register value (git-fixes).\n- gpio: pcie-idio-24: Fix irq mask when masking (git-fixes).\n- HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (git-fixes).\n- HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (git-fixes).\n- HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (git-fixes).\n- HID: logitech-hidpp: Add PID for MX Anywhere 2 (git-fixes).\n- hv_balloon: disable warning when floor reached (git-fixes).\n- hv: clocksource: Add notrace attribute to read_hv_sched_clock_*() functions (git-fixes).\n- hv_netvsc: Add XDP support (bsc#1177820).\n- hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177820).\n- hv_netvsc: make recording RSS hash depend on feature flag (bsc#1177820).\n- hv_netvsc: record hardware hash in skb (bsc#1177820).\n- hwmon: (pwm-fan) Fix RPM calculation (git-fixes).\n- hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).\n- i2c: mediatek: move dma reset before i2c reset (git-fixes).\n- i2c: sh_mobile: implement atomic transfers (git-fixes).\n- igc: Fix not considering the TX delay for timestamps (bsc#1160634).\n- igc: Fix wrong timestamp latency numbers (bsc#1160634).\n- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n- iio: adc: mediatek: fix unset field (git-fixes).\n- iio: light: fix kconfig dependency bug for VCNL4035 (git-fixes).\n- Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).\n- Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (git-fixes).\n- intel_idle: Customize IceLake server support (bsc#1178286).\n- ionic: check port ptr before use (bsc#1167773).\n- iwlwifi: mvm: write queue_sync_state only for sync (git-fixes).\n- kABI: revert use_mm name change (MM Functionality, bsc#1178426).\n- kABI workaround for HD-audio (git-fixes).\n- kernel: better document the use_mm/unuse_mm API contract (MM Functionality, bsc#1178426).\n- kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)\n- kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install\n- kernel/watchdog: fix watchdog_allowed_mask not used warning (git-fixes).\n- kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).\n- KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 does not return SMCCC_RET_NOT_REQUIRED (git-fixes).\n- lan743x: fix 'BUG: invalid wait context' when setting rx mode (git-fixes).\n- lan743x: fix issue causing intermittent kernel log warnings (git-fixes).\n- lan743x: prevent entire kernel HANG on open, for some platforms (git-fixes).\n- leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).\n- libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1155518).\n- libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).\n- lib/crc32test: remove extra local_irq_disable/enable (git-fixes).\n- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1155518).\n- mac80211: always wind down STA state (git-fixes).\n- mac80211: fix use of skb payload instead of header (git-fixes).\n- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n- mac80211: minstrel: fix tx status processing corner case (git-fixes).\n- mac80211: minstrel: remove deferred sampling code (git-fixes).\n- media: imx274: fix frame interval handling (git-fixes).\n- media: platform: Improve queue set up flow for bug fixing (git-fixes).\n- media: tw5864: check status of tw5864_frameinterval_get (git-fixes).\n- media: uvcvideo: Fix dereference of out-of-bound list iterator (git-fixes).\n- media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect (git-fixes).\n- mei: protect mei_cl_mtu from null dereference (git-fixes).\n- memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703).\n- mfd: sprd: Add wakeup capability for PMIC IRQ (git-fixes).\n- mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (git-fixes).\n- mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).\n- mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (git-fixes).\n- mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (MM Functionality, bsc#1178426).\n- mm: fix kthread_use_mm() vs TLB invalidate (MM Functionality, bsc#1178426).\n- mm/gup: allow FOLL_FORCE for get_user_pages_fast() (git fixes (mm/gup)).\n- mm/gup: fix gup_fast with dynamic page table folding (bnc#1176586, LTC#188235).\n- mm/ksm: fix NULL pointer dereference when KSM zero page is enabled (git fixes (mm/ksm)).\n- mm, memcg: fix inconsistent oom event behavior (bsc#1178659).\n- mm/memcg: fix refcount error while moving and swapping (bsc#1178686).\n- mm/memcontrol.c: add missed css_put() (bsc#1178661).\n- mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (git fixes (mm/mempolicy)).\n- mm/swapfile.c: fix potential memory leak in sys_swapon (git-fixes).\n- mm: swap: make page_evictable() inline (git fixes (mm/vmscan)).\n- mm: swap: use smp_mb__after_atomic() to order LRU bit set (git fixes (mm/vmscan)).\n- mm, THP, swap: fix allocating cluster for swapfile by mistake (bsc#1178755).\n- modsign: Add codeSigning EKU when generating X.509 key generation config (bsc#1177353, bsc#1179076).\n- net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).\n- net: ena: Capitalize all log strings and improve code readability (bsc#1177397).\n- net: ena: Change license into format to SPDX in all files (bsc#1177397).\n- net: ena: Change log message to netif/dev function (bsc#1177397).\n- net: ena: Change RSS related macros and variables names (bsc#1177397).\n- net: ena: ethtool: Add new device statistics (bsc#1177397).\n- net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).\n- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).\n- net: ena: Fix all static chekers' warnings (bsc#1177397).\n- net: ena: fix packet's addresses for rx_offset feature (bsc#1174852).\n- net: ena: handle bad request id in ena_netdev (bsc#1174852).\n- net: ena: Remove redundant print of placement policy (bsc#1177397).\n- net: ena: xdp: add queue counters for xdp actions (bsc#1177397).\n- net: fix pos incrementment in ipv6_route_seq_next (bsc#1154353).\n- net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873).\n- net/mlx5: Clear bw_share upon VF disable (jsc#SLE-8464).\n- net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (jsc#SLE-8464).\n- net: mscc: ocelot: fix race condition with TX timestamping (bsc#1178461).\n- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).\n- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n- NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n- NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE (bsc#1176180).\n- NFSv4.x recover from pre-mature loss of openstateid (bsc#1176180).\n- nvme: do not update disk info for multipathed device (bsc#1171558).\n- nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).\n- p54: avoid accessing the data mapped to streaming DMA (git-fixes).\n- PCI/ACPI: Whitelist hotplug ports for D3 if power managed by ACPI (git-fixes).\n- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n- pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n- pinctrl: intel: Set default bias in case no particular value given (git-fixes).\n- platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time (git-fixes).\n- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n- PM: runtime: Drop runtime PM references to supplier on link removal (git-fixes).\n- powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm (MM Functionality, bsc#1178426).\n- powerpc: Inline doorbell sending functions (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jsc#SLE-16360 jsc#SLE-16915).\n- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pseries: Add KVM guest doorbell restrictions (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jsc#SLE-16360 jsc#SLE-16915).\n- powerpc/pseries: Use doorbells even if XIVE is available (jsc#SLE-15869 jsc#SLE-16321).\n- powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (MM Functionality, bsc#1178426).\n- powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293).\n- power: supply: bq27xxx: report 'not charging' on all types (git-fixes).\n- power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).\n- qla2xxx: Add MODULE_VERSION back to driver (bsc#1179160).\n- RDMA/hns: Fix retry_cnt and rnr_cnt when querying QP (jsc#SLE-8449).\n- RDMA/hns: Fix the wrong value of rnr_retry when querying qp (jsc#SLE-8449).\n- RDMA/hns: Fix wrong field of SRQ number the device supports (jsc#SLE-8449).\n- RDMA/hns: Solve the overflow of the calc_pg_sz() (jsc#SLE-8449).\n- RDMA/mlx5: Fix devlink deadlock on net namespace deletion (jsc#SLE-8464).\n- RDMA/qedr: Fix return code if accept is called on a destroyed qp (jsc#SLE-8215).\n- RDMA/ucma: Add missing locking around rdma_leave_multicast() (git-fixes).\n- reboot: fix overflow parsing reboot cpu number (git-fixes).\n- Refresh patches.suse/vfs-add-super_operations-get_inode_dev. (bsc#1176983) \n- regulator: avoid resolve_supply() infinite recursion (git-fixes).\n- regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).\n- regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).\n- regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (git-fixes).\n- regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).\n- regulator: workaround self-referent regulators (git-fixes).\n- Restore the header of series.conf The header of series.conf was accidentally changed by abb50be8e6bc '(kABI: revert use_mm name change (MM Functionality, bsc#1178426))'. \n- Revert 'cdc-acm: hardening against malicious devices' (git-fixes).\n- Revert 'kernel/reboot.c: convert simple_strtoul to kstrtoint' (git-fixes).\n- Revert 'xfs: complain if anyone tries to create a too-large buffer' (bsc#1179425, bsc#1179550).\n- rfkill: Fix use-after-free in rfkill_resume() (git-fixes).\n- ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).\n- rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger -<dimstar@opensuse.org>\n- rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two.\n- rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) egrep is only a deprecated bash wrapper for 'grep -E'. So use the latter instead.\n- rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)\n- rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).\n- rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly.\n- s390/bpf: Fix multiple tail calls (git-fixes).\n- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175918 LTC#187935).\n- s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n- s390/dasd: fix null pointer dereference for ERP requests (git-fixes).\n- s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes).\n- s390/zcrypt: fix kmalloc 256k failure (bsc#1177066 LTC#188341).\n- s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (bsc#1177070 LTC#188342).\n- sched/fair: Ensure tasks spreading in LLC during LB (git fixes (sched)).\n- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (git fixes (sched)).\n- sched: Fix loadavg accounting race on arm64 kabi (bnc#1178227).\n- sched: Fix rq->nr_iowait ordering (git fixes (sched)).\n- scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section\n- scsi: libiscsi: Fix NOP race condition (bsc#1176481).\n- scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).\n- serial: 8250_mtk: Fix uart_get_baud_rate warning (git-fixes).\n- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).\n- spi: lpspi: Fix use-after-free on unbind (git-fixes).\n- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).\n- staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).\n- staging: octeon: repair 'fixed-link' support (git-fixes).\n- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n- SUNRPC: fix copying of multiple pages in gss_read_proxy_verf() (bsc#1154353).\n- SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (git-fixes).\n- svcrdma: fix bounce buffers for unaligned offsets and multiple pages (git-fixes).\n- tcp: use sendpage_ok() to detect misused .sendpage (bsc#1172873).\n- thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).\n- thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (git-fixes).\n- timer: Fix wheel index calculation on last level (git-fixes).\n- timer: Prevent base->clk from moving backward (git-fixes).\n- tpm: efi: Do not create binary_bios_measurements file for an empty log (git-fixes).\n- tpm_tis: Disable interrupts on ThinkPad T490s (git-fixes).\n- tracing: Fix out of bounds write in get_trace_buf (git-fixes).\n- tty: serial: fsl_lpuart: add LS1028A support (git-fixes).\n- tty: serial: fsl_lpuart: LS1021A had a FIFO size of 16 words, like LS1028A (git-fixes).\n- tty: serial: imx: fix potential deadlock (git-fixes).\n- tty: serial: imx: keep console clocks always on (git-fixes).\n- uio: Fix use-after-free in uio_unregister_device() (git-fixes).\n- uio: free uio id after uio file node is freed (git-fixes).\n- USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).\n- USB: adutux: fix debugging (git-fixes).\n- USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n- USB: cdc-acm: fix cooldown mechanism (git-fixes).\n- USB: core: Change %pK for __user pointers to %px (git-fixes).\n- USB: core: driver: fix stray tabs in error messages (git-fixes).\n- USB: core: Fix regression in Hercules audio card (git-fixes).\n- USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n- USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n- USB: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n- USB: host: fsl-mph-dr-of: check return of dma_set_mask() (git-fixes).\n- USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n- USB: serial: cyberjack: fix write-URB completion race (git-fixes).\n- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).\n- USB: serial: option: add Quectel EC200T module support (git-fixes).\n- USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).\n- USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).\n- USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).\n- USB: xhci: omit duplicate actions when suspending a runtime suspended host (git-fixes).\n- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n- video: hyperv_fb: include vmalloc.h (git-fixes).\n- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).\n- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).\n- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).\n- virtio: virtio_console: fix DMA memory allocation for rproc serial (git-fixes).\n- vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n- x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n- x86/i8259: Use printk_deferred() to prevent deadlock (git-fixes).\n- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).\n- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1152489).\n- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1152489).\n- xfs: complain if anyone tries to create a too-large buffer log item (bsc#1166146).\n- xfs: do not update mtime on COW faults (bsc#1167030).\n- xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).\n- xfs: fix brainos in the refcount scrubber's rmap fragment processor (git-fixes).\n- xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).\n- xfs: fix rmap key and record comparison functions (git-fixes).\n- xfs: fix scrub flagging rtinherit even if there is no rt device (git-fixes).\n- xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).\n- xfs: introduce XFS_MAX_FILEOFF (bsc#1166166).\n- xfs: prohibit fs freezing when using empty transactions (bsc#1179442).\n- xfs: remove unused variable 'done' (bsc#1166166).\n- xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes).\n- xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (git-fixes).\n- xfs: set xefi_discard when creating a deferred agfl free log intent item (git-fixes).\n- xfs: truncate should remove all blocks, not just to the end of the page cache (bsc#1166166).\n- xhci: Fix sizeof() mismatch (git-fixes).\n- xhci: hisilicon: fix refercence leak in xhci_histb_probe (git-fixes).\n\nkernel-default-base fixes the following issues:\n\n- Add wireguard kernel module (bsc#1179225)\n- Create the list of crypto kernel modules dynamically, supersedes hardcoded list of crc32 implementations (bsc#1177577)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.","title":"Description of the patch"},{"category":"details","text":"openSUSE-2020-2260","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_2260-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2020:2260-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZYES3O2NEKKQXQ3R5CZOH5YCWJ3TJSKH/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2020:2260-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZYES3O2NEKKQXQ3R5CZOH5YCWJ3TJSKH/"},{"category":"self","summary":"SUSE Bug 1149032","url":"https://bugzilla.suse.com/1149032"},{"category":"self","summary":"SUSE Bug 1152489","url":"https://bugzilla.suse.com/1152489"},{"category":"self","summary":"SUSE Bug 1153274","url":"https://bugzilla.suse.com/1153274"},{"category":"self","summary":"SUSE Bug 1154353","url":"https://bugzilla.suse.com/1154353"},{"category":"self","summary":"SUSE Bug 1155518","url":"https://bugzilla.suse.com/1155518"},{"category":"self","summary":"SUSE Bug 1160634","url":"https://bugzilla.suse.com/1160634"},{"category":"self","summary":"SUSE Bug 1166146","url":"https://bugzilla.suse.com/1166146"},{"category":"self","summary":"SUSE Bug 1166166","url":"https://bugzilla.suse.com/1166166"},{"category":"self","summary":"SUSE Bug 1167030","url":"https://bugzilla.suse.com/1167030"},{"category":"self","summary":"SUSE Bug 1167773","url":"https://bugzilla.suse.com/1167773"},{"category":"self","summary":"SUSE Bug 1170139","url":"https://bugzilla.suse.com/1170139"},{"category":"self","summary":"SUSE Bug 1171073","url":"https://bugzilla.suse.com/1171073"},{"category":"self","summary":"SUSE Bug 1171558","url":"https://bugzilla.suse.com/1171558"},{"category":"self","summary":"SUSE Bug 1172873","url":"https://bugzilla.suse.com/1172873"},{"category":"self","summary":"SUSE Bug 1173504","url":"https://bugzilla.suse.com/1173504"},{"category":"self","summary":"SUSE Bug 1174852","url":"https://bugzilla.suse.com/1174852"},{"category":"self","summary":"SUSE Bug 1175306","url":"https://bugzilla.suse.com/1175306"},{"category":"self","summary":"SUSE Bug 1175918","url":"https://bugzilla.suse.com/1175918"},{"category":"self","summary":"SUSE Bug 1176109","url":"https://bugzilla.suse.com/1176109"},{"category":"self","summary":"SUSE Bug 1176180","url":"https://bugzilla.suse.com/1176180"},{"category":"self","summary":"SUSE Bug 1176200","url":"https://bugzilla.suse.com/1176200"},{"category":"self","summary":"SUSE Bug 1176481","url":"https://bugzilla.suse.com/1176481"},{"category":"self","summary":"SUSE Bug 1176586","url":"https://bugzilla.suse.com/1176586"},{"category":"self","summary":"SUSE Bug 1176855","url":"https://bugzilla.suse.com/1176855"},{"category":"self","summary":"SUSE Bug 1176983","url":"https://bugzilla.suse.com/1176983"},{"category":"self","summary":"SUSE Bug 1177066","url":"https://bugzilla.suse.com/1177066"},{"category":"self","summary":"SUSE Bug 1177070","url":"https://bugzilla.suse.com/1177070"},{"category":"self","summary":"SUSE Bug 1177353","url":"https://bugzilla.suse.com/1177353"},{"category":"self","summary":"SUSE Bug 1177397","url":"https://bugzilla.suse.com/1177397"},{"category":"self","summary":"SUSE Bug 1177577","url":"https://bugzilla.suse.com/1177577"},{"category":"self","summary":"SUSE Bug 1177666","url":"https://bugzilla.suse.com/1177666"},{"category":"self","summary":"SUSE Bug 1177703","url":"https://bugzilla.suse.com/1177703"},{"category":"self","summary":"SUSE Bug 1177820","url":"https://bugzilla.suse.com/1177820"},{"category":"self","summary":"SUSE Bug 1178123","url":"https://bugzilla.suse.com/1178123"},{"category":"self","summary":"SUSE Bug 1178182","url":"https://bugzilla.suse.com/1178182"},{"category":"self","summary":"SUSE Bug 1178227","url":"https://bugzilla.suse.com/1178227"},{"category":"self","summary":"SUSE Bug 1178286","url":"https://bugzilla.suse.com/1178286"},{"category":"self","summary":"SUSE Bug 1178304","url":"https://bugzilla.suse.com/1178304"},{"category":"self","summary":"SUSE Bug 1178330","url":"https://bugzilla.suse.com/1178330"},{"category":"self","summary":"SUSE Bug 1178393","url":"https://bugzilla.suse.com/1178393"},{"category":"self","summary":"SUSE Bug 1178401","url":"https://bugzilla.suse.com/1178401"},{"category":"self","summary":"SUSE Bug 1178426","url":"https://bugzilla.suse.com/1178426"},{"category":"self","summary":"SUSE Bug 1178461","url":"https://bugzilla.suse.com/1178461"},{"category":"self","summary":"SUSE Bug 1178579","url":"https://bugzilla.suse.com/1178579"},{"category":"self","summary":"SUSE Bug 1178581","url":"https://bugzilla.suse.com/1178581"},{"category":"self","summary":"SUSE Bug 1178584","url":"https://bugzilla.suse.com/1178584"},{"category":"self","summary":"SUSE Bug 1178585","url":"https://bugzilla.suse.com/1178585"},{"category":"self","summary":"SUSE Bug 1178589","url":"https://bugzilla.suse.com/1178589"},{"category":"self","summary":"SUSE Bug 1178635","url":"https://bugzilla.suse.com/1178635"},{"category":"self","summary":"SUSE Bug 1178653","url":"https://bugzilla.suse.com/1178653"},{"category":"self","summary":"SUSE Bug 1178659","url":"https://bugzilla.suse.com/1178659"},{"category":"self","summary":"SUSE Bug 1178661","url":"https://bugzilla.suse.com/1178661"},{"category":"self","summary":"SUSE Bug 1178669","url":"https://bugzilla.suse.com/1178669"},{"category":"self","summary":"SUSE Bug 1178686","url":"https://bugzilla.suse.com/1178686"},{"category":"self","summary":"SUSE Bug 1178740","url":"https://bugzilla.suse.com/1178740"},{"category":"self","summary":"SUSE Bug 1178755","url":"https://bugzilla.suse.com/1178755"},{"category":"self","summary":"SUSE Bug 1178762","url":"https://bugzilla.suse.com/1178762"},{"category":"self","summary":"SUSE Bug 1178838","url":"https://bugzilla.suse.com/1178838"},{"category":"self","summary":"SUSE Bug 1178853","url":"https://bugzilla.suse.com/1178853"},{"category":"self","summary":"SUSE Bug 1178886","url":"https://bugzilla.suse.com/1178886"},{"category":"self","summary":"SUSE Bug 1179001","url":"https://bugzilla.suse.com/1179001"},{"category":"self","summary":"SUSE Bug 1179012","url":"https://bugzilla.suse.com/1179012"},{"category":"self","summary":"SUSE Bug 1179014","url":"https://bugzilla.suse.com/1179014"},{"category":"self","summary":"SUSE Bug 1179015","url":"https://bugzilla.suse.com/1179015"},{"category":"self","summary":"SUSE Bug 1179045","url":"https://bugzilla.suse.com/1179045"},{"category":"self","summary":"SUSE Bug 1179076","url":"https://bugzilla.suse.com/1179076"},{"category":"self","summary":"SUSE Bug 1179082","url":"https://bugzilla.suse.com/1179082"},{"category":"self","summary":"SUSE Bug 1179107","url":"https://bugzilla.suse.com/1179107"},{"category":"self","summary":"SUSE Bug 1179140","url":"https://bugzilla.suse.com/1179140"},{"category":"self","summary":"SUSE Bug 1179141","url":"https://bugzilla.suse.com/1179141"},{"category":"self","summary":"SUSE Bug 1179160","url":"https://bugzilla.suse.com/1179160"},{"category":"self","summary":"SUSE Bug 1179201","url":"https://bugzilla.suse.com/1179201"},{"category":"self","summary":"SUSE Bug 1179211","url":"https://bugzilla.suse.com/1179211"},{"category":"self","summary":"SUSE Bug 1179217","url":"https://bugzilla.suse.com/1179217"},{"category":"self","summary":"SUSE Bug 1179225","url":"https://bugzilla.suse.com/1179225"},{"category":"self","summary":"SUSE Bug 1179419","url":"https://bugzilla.suse.com/1179419"},{"category":"self","summary":"SUSE Bug 1179424","url":"https://bugzilla.suse.com/1179424"},{"category":"self","summary":"SUSE Bug 1179425","url":"https://bugzilla.suse.com/1179425"},{"category":"self","summary":"SUSE Bug 1179426","url":"https://bugzilla.suse.com/1179426"},{"category":"self","summary":"SUSE Bug 1179427","url":"https://bugzilla.suse.com/1179427"},{"category":"self","summary":"SUSE Bug 1179429","url":"https://bugzilla.suse.com/1179429"},{"category":"self","summary":"SUSE Bug 1179432","url":"https://bugzilla.suse.com/1179432"},{"category":"self","summary":"SUSE Bug 1179442","url":"https://bugzilla.suse.com/1179442"},{"category":"self","summary":"SUSE Bug 1179550","url":"https://bugzilla.suse.com/1179550"},{"category":"self","summary":"SUSE CVE CVE-2020-15436 page","url":"https://www.suse.com/security/cve/CVE-2020-15436/"},{"category":"self","summary":"SUSE CVE CVE-2020-15437 page","url":"https://www.suse.com/security/cve/CVE-2020-15437/"},{"category":"self","summary":"SUSE CVE CVE-2020-25668 page","url":"https://www.suse.com/security/cve/CVE-2020-25668/"},{"category":"self","summary":"SUSE CVE CVE-2020-25669 page","url":"https://www.suse.com/security/cve/CVE-2020-25669/"},{"category":"self","summary":"SUSE CVE CVE-2020-25704 page","url":"https://www.suse.com/security/cve/CVE-2020-25704/"},{"category":"self","summary":"SUSE CVE CVE-2020-27777 page","url":"https://www.suse.com/security/cve/CVE-2020-27777/"},{"category":"self","summary":"SUSE CVE CVE-2020-28915 page","url":"https://www.suse.com/security/cve/CVE-2020-28915/"},{"category":"self","summary":"SUSE CVE CVE-2020-28941 page","url":"https://www.suse.com/security/cve/CVE-2020-28941/"},{"category":"self","summary":"SUSE CVE CVE-2020-28974 page","url":"https://www.suse.com/security/cve/CVE-2020-28974/"},{"category":"self","summary":"SUSE CVE CVE-2020-29369 page","url":"https://www.suse.com/security/cve/CVE-2020-29369/"},{"category":"self","summary":"SUSE CVE CVE-2020-29371 page","url":"https://www.suse.com/security/cve/CVE-2020-29371/"},{"category":"self","summary":"SUSE CVE CVE-2020-4788 page","url":"https://www.suse.com/security/cve/CVE-2020-4788/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2020-12-15T09:29:17Z","generator":{"date":"2020-12-15T09:29:17Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2020:2260-1","initial_release_date":"2020-12-15T09:29:17Z","revision_history":[{"date":"2020-12-15T09:29:17Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","product":{"name":"kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","product_id":"kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"}},{"category":"product_version","name":"kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","product":{"name":"kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","product_id":"kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.2","product":{"name":"openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.2"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"},"product_reference":"kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"},{"category":"default_component_of","full_product_name":{"name":"kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64 as component of openSUSE Leap 15.2","product_id":"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"},"product_reference":"kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.2"}]},"vulnerabilities":[{"cve":"CVE-2020-15436","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-15436"}],"notes":[{"category":"general","text":"Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-15436","url":"https://www.suse.com/security/cve/CVE-2020-15436"},{"category":"external","summary":"SUSE Bug 1179141 for CVE-2020-15436","url":"https://bugzilla.suse.com/1179141"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"moderate"}],"title":"CVE-2020-15436"},{"cve":"CVE-2020-15437","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-15437"}],"notes":[{"category":"general","text":"The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-15437","url":"https://www.suse.com/security/cve/CVE-2020-15437"},{"category":"external","summary":"SUSE Bug 1179140 for CVE-2020-15437","url":"https://bugzilla.suse.com/1179140"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"moderate"}],"title":"CVE-2020-15437"},{"cve":"CVE-2020-25668","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-25668"}],"notes":[{"category":"general","text":"A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-25668","url":"https://www.suse.com/security/cve/CVE-2020-25668"},{"category":"external","summary":"SUSE Bug 1178123 for CVE-2020-25668","url":"https://bugzilla.suse.com/1178123"},{"category":"external","summary":"SUSE Bug 1178622 for CVE-2020-25668","url":"https://bugzilla.suse.com/1178622"},{"category":"external","summary":"SUSE Bug 1196914 for CVE-2020-25668","url":"https://bugzilla.suse.com/1196914"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"important"}],"title":"CVE-2020-25668"},{"cve":"CVE-2020-25669","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-25669"}],"notes":[{"category":"general","text":"A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-25669","url":"https://www.suse.com/security/cve/CVE-2020-25669"},{"category":"external","summary":"SUSE Bug 1178182 for CVE-2020-25669","url":"https://bugzilla.suse.com/1178182"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"moderate"}],"title":"CVE-2020-25669"},{"cve":"CVE-2020-25704","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-25704"}],"notes":[{"category":"general","text":"A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-25704","url":"https://www.suse.com/security/cve/CVE-2020-25704"},{"category":"external","summary":"SUSE Bug 1178393 for CVE-2020-25704","url":"https://bugzilla.suse.com/1178393"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.2,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"moderate"}],"title":"CVE-2020-25704"},{"cve":"CVE-2020-27777","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-27777"}],"notes":[{"category":"general","text":"A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-27777","url":"https://www.suse.com/security/cve/CVE-2020-27777"},{"category":"external","summary":"SUSE Bug 1179107 for CVE-2020-27777","url":"https://bugzilla.suse.com/1179107"},{"category":"external","summary":"SUSE Bug 1179419 for CVE-2020-27777","url":"https://bugzilla.suse.com/1179419"},{"category":"external","summary":"SUSE Bug 1200343 for CVE-2020-27777","url":"https://bugzilla.suse.com/1200343"},{"category":"external","summary":"SUSE Bug 1220060 for CVE-2020-27777","url":"https://bugzilla.suse.com/1220060"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"moderate"}],"title":"CVE-2020-27777"},{"cve":"CVE-2020-28915","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-28915"}],"notes":[{"category":"general","text":"A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-28915","url":"https://www.suse.com/security/cve/CVE-2020-28915"},{"category":"external","summary":"SUSE Bug 1178886 for CVE-2020-28915","url":"https://bugzilla.suse.com/1178886"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"moderate"}],"title":"CVE-2020-28915"},{"cve":"CVE-2020-28941","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-28941"}],"notes":[{"category":"general","text":"An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-28941","url":"https://www.suse.com/security/cve/CVE-2020-28941"},{"category":"external","summary":"SUSE Bug 1178740 for CVE-2020-28941","url":"https://bugzilla.suse.com/1178740"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.2,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"moderate"}],"title":"CVE-2020-28941"},{"cve":"CVE-2020-28974","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-28974"}],"notes":[{"category":"general","text":"A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-28974","url":"https://www.suse.com/security/cve/CVE-2020-28974"},{"category":"external","summary":"SUSE Bug 1178589 for CVE-2020-28974","url":"https://bugzilla.suse.com/1178589"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"moderate"}],"title":"CVE-2020-28974"},{"cve":"CVE-2020-29369","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-29369"}],"notes":[{"category":"general","text":"An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-29369","url":"https://www.suse.com/security/cve/CVE-2020-29369"},{"category":"external","summary":"SUSE Bug 1173504 for CVE-2020-29369","url":"https://bugzilla.suse.com/1173504"},{"category":"external","summary":"SUSE Bug 1179432 for CVE-2020-29369","url":"https://bugzilla.suse.com/1179432"},{"category":"external","summary":"SUSE Bug 1179646 for CVE-2020-29369","url":"https://bugzilla.suse.com/1179646"},{"category":"external","summary":"SUSE Bug 1182109 for CVE-2020-29369","url":"https://bugzilla.suse.com/1182109"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"important"}],"title":"CVE-2020-29369"},{"cve":"CVE-2020-29371","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-29371"}],"notes":[{"category":"general","text":"An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-29371","url":"https://www.suse.com/security/cve/CVE-2020-29371"},{"category":"external","summary":"SUSE Bug 1179429 for CVE-2020-29371","url":"https://bugzilla.suse.com/1179429"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"moderate"}],"title":"CVE-2020-29371"},{"cve":"CVE-2020-4788","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-4788"}],"notes":[{"category":"general","text":"IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2020-4788","url":"https://www.suse.com/security/cve/CVE-2020-4788"},{"category":"external","summary":"SUSE Bug 1177666 for CVE-2020-4788","url":"https://bugzilla.suse.com/1177666"},{"category":"external","summary":"SUSE Bug 1181158 for CVE-2020-4788","url":"https://bugzilla.suse.com/1181158"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.57.1.lp152.8.17.1.x86_64","openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.57.1.lp152.8.17.1.x86_64"]}],"threats":[{"category":"impact","date":"2020-12-15T09:29:17Z","details":"moderate"}],"title":"CVE-2020-4788"}]}