ALT-PU-2020-2031-1
Package kernel-image-un-def updated to version 5.6.15-alt1 for branch sisyphus in task 252324.
Closed vulnerabilities
BDU:2020-05886
Уязвимость gadget_dev_desc_UDC_store в драйверах / usb / gadget / configfs.c (bsc # 1171982) ядра операционной системы Linux, связанная с чтением за границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-00471
Уязвимость драйвера VFIO PCI ядра операционной системы Linux, связанная с недостаточной обработкой исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-01920
Уязвимость реализации протокола MIDI ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии
Modified: 2024-11-21
CVE-2020-12888
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
- openSUSE-SU-2020:0935
- openSUSE-SU-2020:1153
- [oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- FEDORA-2020-5436586091
- FEDORA-2020-57bf620276
- https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/
- https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/
- https://security.netapp.com/advisory/ntap-20200608-0001/
- USN-4525-1
- USN-4526-1
- openSUSE-SU-2020:0935
- USN-4526-1
- USN-4525-1
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/
- https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/
- FEDORA-2020-57bf620276
- FEDORA-2020-5436586091
- [debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update
- [debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update
- [oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
- openSUSE-SU-2020:1153
Modified: 2024-11-21
CVE-2020-13143
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
- openSUSE-SU-2020:0801
- openSUSE-SU-2020:0935
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- https://security.netapp.com/advisory/ntap-20200608-0001/
- USN-4411-1
- USN-4412-1
- USN-4413-1
- USN-4414-1
- USN-4419-1
- DSA-4698
- DSA-4699
- https://www.spinics.net/lists/linux-usb/msg194331.html
- openSUSE-SU-2020:0801
- https://www.spinics.net/lists/linux-usb/msg194331.html
- DSA-4699
- DSA-4698
- USN-4419-1
- USN-4414-1
- USN-4413-1
- USN-4412-1
- USN-4411-1
- https://security.netapp.com/advisory/ntap-20200608-0001/
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update
- [debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update
- [debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c
- openSUSE-SU-2020:0935
Modified: 2024-11-21
CVE-2020-27786
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
- [oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1
- [oss-security] 20201203 Re: Linux Kernel: ALSA: use-after-free Write in snd_rawmidi_kernel_write1
- https://bugzilla.redhat.com/show_bug.cgi?id=1900933
- https://bugzilla.redhat.com/show_bug.cgi?id=1900933
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d
- https://security.netapp.com/advisory/ntap-20210122-0002/
- https://security.netapp.com/advisory/ntap-20210122-0002/