English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2020.2578.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2020:2578-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:2578-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2020:2578-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to 3.12.31 to receive various security and bugfixes.

The following security bug was fixed:

- CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).

The following non-security bugs were fixed:

- EDAC: Fix reference count leaks (bsc#1112178).
- KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast() (bsc#1112178).
- mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (bsc#1175691).
- net/mlx5e: Fix error path of device attach (git-fixes).
- net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes).
- net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes).
- sched/deadline: Initialize ->dl_boosted (bsc#1112178).
- scsi: lpfc: Add and rename a whole bunch of function parameter descriptions (bsc#1171558 bsc#1136666).
- scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#1171558 bsc#1136666).
- scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#1136666).
- scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#1136666).
- scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666).
- scsi: lpfc: NVMe remote port devloss_tmo from lldd (bsc#1171558 bsc#1136666 bsc#1173060).
- scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport (bsc#1171558 bsc#1136666).
- scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#1171558 bsc#1136666).
- scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666).
- scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666).
- scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666).
- scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666).
- vxlan: Ensure FDB dump is performed under RCU (git-fixes).
- x86/fsgsbase/64: Fix NULL deref ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP Applications 12-SP5.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-14386
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14386
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNCPXERMUHPSGF6S2VVFL5NVVPBBFB63/
http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=acf69c946233259ab4d64f8869d4037a198c7f06
https://seclists.org/oss-sec/2020/q3/146
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
http://www.openwall.com/lists/oss-security/2021/09/17/2
http://www.openwall.com/lists/oss-security/2021/09/17/4
http://www.openwall.com/lists/oss-security/2021/09/21/1
SuSE Security Announcement: openSUSE-SU-2020:1655 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
CopyrightCopyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.