suse-su-2020:3715-1
Vulnerability from csaf_suse
Published
2020-12-08 17:35
Modified
2020-12-08 17:35
Summary
Security update for the Linux Kernel

Notes

Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140). - CVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107). - CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589). - CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886). - CVE-2020-8694: Insufficient access control for some Intel(R) Processors may have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415). - CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123). - CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393). - CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182). The following non-security bugs were fixed: - 9P: Cast to loff_t before multiplying (git-fixes). - acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes). - ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes). - ACPI / extlog: Check for RDMSR failure (git-fixes). - ACPI: GED: fix -Wformat (git-fixes). - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes). - ALSA: ctl: fix error path at adding user-defined element set (git-fixes). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda - Fix the return value if cb func is already registered (git-fixes). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes). - ALSA: mixart: Fix mutex deadlock (git-fixes). - ALSA: usb-audio: Fix potential use-after-free of streams (gix-fixes). - arm64: KVM: Fix system register enumeration (bsc#1174726). - arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes). - arm/arm64: KVM: Add PSCI version selection API (bsc#1174726). - ASoC: qcom: lpass-platform: Fix memory leak (git-fixes). - ata: sata_rcar: Fix DMA boundary mask (git-fixes). - ath10k: Acquire tx_lock in tx error paths (git-fixes). - ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes). - ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes). - batman-adv: set .owner to THIS_MODULE (git-fixes). - Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes). - Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - btrfs: account ticket size at add/delete time (bsc#1178897). - btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897). - btrfs: check rw_devices, not num_devices for balance (bsc#1178897). - btrfs: do not delete mismatched root refs (bsc#1178962). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897). - btrfs: fix force usage in inc_block_group_ro (bsc#1178897). - btrfs: fix invalid removal of root ref (bsc#1178962). - btrfs: fix reclaim counter leak of space_info objects (bsc#1178897). - btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897). - btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897). - btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962). - btrfs: split dev-replace locking helpers for read and write (bsc#1178897). - bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: gs_usb: fix endianess problem with candleLight firmware (git-fixes). - can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes). - can: peak_usb: add range checking in decode operations (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes). - can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes). - ceph: add check_session_state() helper and make it global (bsc#1179259). - ceph: check session state after bumping session->s_seq (bsc#1179259). - ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: remove bogus debug code (bsc#1179427). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - clk: ti: clockdomain: fix static checker warning (git-fixes). - Convert trailing spaces and periods in path components (bsc#1179424). - crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes). - debugfs: Fix module state check condition (git-fixes). - docs: ABI: stable: remove a duplicated documentation (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - dpaa_eth: fix the RX headroom size alignment (git-fixes). - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - Drivers: hv: vmbus: Remove the unused 'tsc_page' from struct hv_context (git-fixes). - drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes). - drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes). - drm/amdgpu: do not map BO in reserved region (git-fixes). - drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes). - drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/i915: Force VT'd workarounds when running as a guest OS (git-fixes). - drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes). - drm/imx: tve remove extraneous type qualifier (git-fixes). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes). - drm/ttm: fix eviction valuable range check (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size. - efi: cper: Fix possible out-of-bounds access (git-fixes). - efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes). - efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes). - efi: provide empty efi_enter_virtual_mode implementation (git-fixes). - efivarfs: fix memory leak in efivarfs_create() (git-fixes). - efivarfs: Replace invalid slashes with exclamation marks in dentries (git-fixes). - efivarfs: revert 'fix memory leak in efivarfs_create()' (git-fixes). - efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes). - efi/x86: Free efi_pgd with free_pages() (bsc#1112178). - efi/x86: Ignore the memory attributes table on i386 (git-fixes). - efi/x86: Map the entire EFI vendor string before copying it (git-fixes). - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - fuse: fix page dereference after free (bsc#1179213). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient 'ownerless' rtmutex state correctly (bsc#1067665). - hv_balloon: disable warning when floor reached (git-fixes). - hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - IB/core: Set qp->real_qp before it may be accessed (bsc#1111666) - IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666) - IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666) - IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666) - IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666) - IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666) - IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666) - IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666) - IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666) - IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666) - IB/hfi1: Handle port down properly in pio (bsc#1111666) - IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666) - IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666) - IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666) - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666) - IB/hfi1: Remove unused define (bsc#1111666) - IB/hfi1: Silence txreq allocation warnings (bsc#1111666) - IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666) - IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666) - IB/ipoib: drop useless LIST_HEAD (bsc#1111666) - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666) - IB/iser: Fix dma_nents type definition (bsc#1111666) - IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666) - IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666) - IB/mlx4: Fix leak in id_map_find_del (bsc#1111666) - IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666) - IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666) - IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666) - IB/mlx4: Remove unneeded NULL check (bsc#1111666) - IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666) - IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666) - IB/mlx5: Do not override existing ip_protocol (bsc#1111666) - IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666) - IB/mlx5: Fix implicit MR release flow (bsc#1111666) - IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666) - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666) - IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666) - IB/mlx5: Improve ODP debugging messages (bsc#1111666) - IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666) - IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666) - IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666) - IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666) - IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666) - IB/mlx5: Use fragmented QP's buffer for in-kernel users (bsc#1111666) - IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666) - IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666) - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666) - IB/qib: Remove a set-but-not-used variable (bsc#1111666) - IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666) - IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666) - IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666) - IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666) - IB/rxe: Make counters thread safe (bsc#1111666) - IB/umad: Avoid additional device reference during open()/close() (bsc#1111666) - IB/umad: Avoid destroying device while it is accessed (bsc#1111666) - IB/umad: Do not check status of nonseekable_open() (bsc#1111666) - IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666) - IB/umad: Refactor code to use cdev_device_add() (bsc#1111666) - IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666) - IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666) - IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666) - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - ipmi: use vzalloc instead of kmalloc for user creation (bsc#1178607). - iw_cxgb4: fix ECN check on the passive accept (bsc#1111666) - iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666) - kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - KVM: arm64: Add missing #include of <linux/string.h> in guest.c (bsc#1174726). - KVM: arm64: Factor out core register ID enumeration (bsc#1174726). - KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726). - KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726). - KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726). - KVM host: kabi fixes for psci_version (bsc#1174726). - leds: bcm6328, bcm6358: use devres LED registering function (git-fixes). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: always wind down STA state (git-fixes). - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - media: platform: Improve queue set up flow for bug fixing (git-fixes). - media: tw5864: check status of tw5864_frameinterval_get (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - mtd: lpddr: Fix bad logic in print_drs_error (git-fixes). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes). - NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304). - NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - ocfs2: fix unbalanced locking (git-fixes). - p54: avoid accessing the data mapped to streaming DMA (git-fixes). - PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes). - pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes). - pinctrl: amd: use higher precision for 512 RtcClk (git-fixes). - pinctrl: aspeed: Fix GPI only function problem (git-fixes). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes). - powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes). - powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc: Fix circular dependency between percpu.h and mmu.h (git-fixes). - powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - powerpc/vnic: Extend 'failover pending' window (bsc#1176855 ltc#187293). - power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes). - RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666) - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666) - RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666) - RDMA/cma: Fix false error message (bsc#1111666) - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666) - RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666) - RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666) - RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666) - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666) - RDMA/core: Fix race when resolving IP address (bsc#1111666) - RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666) - RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666) - RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666) - RDMA/hns: Remove unsupported modify_port callback (bsc#1111666) - RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666) - RDMA/i40iw: Set queue pair state when being queried (bsc#1111666) - RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666) - RDMA/iwcm: Fix a lock inversion issue (bsc#1111666) - RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666) - RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666) - RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666) - RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666) - RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666) - RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666) - RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666) - RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666) - RDMA/mlx5: Fix function name typo 'fileds' -> 'fields' (bsc#1111666) - RDMA/mlx5: Return proper error value (bsc#1111666) - RDMA/nes: Remove second wait queue initialization call (bsc#1111666) - RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666) - RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666) - RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666) - RDMA/qedr: Fix reported firmware version (bsc#1111666) - RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666) - RDMA/qib: Delete extra line (bsc#1111666) - RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666) - RDMA/qib: Validate ->show()/store() callbacks before calling them (bsc#1111666) - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666) - RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666) - RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666) - RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666) - RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666) - RDMA/srp: Rework SCSI device reset handling (bsc#1111666) - RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666) - RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666) - RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666) - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666) - RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666) - RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666) - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: defer probe when trying to get voltage from unresolved supply (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: resolve supply after creating regulator (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert 'cdc-acm: hardening against malicious devices' (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666) - rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666) - rxe: fix error completion wr_id and qp_num (bsc#1111666) - s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737). - s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937). - s390/dasd: fix inability to use DASD with DIAG driver (bsc#1177809 LTC#188738). - s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739). - s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323). - sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178). - sched/x86: SaveFLAGS on context switch (bsc#1112178). - scripts/git_sort/git_sort.py: add ceph maintainers git tree - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666) - staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes). - staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes). - staging: octeon: repair 'fixed-link' support (git-fixes). - staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - tty: serial: imx: keep console clocks always on (git-fixes). - Update patches.suse/vfs-add-super_operations-get_inode_dev (bsc#927455 bsc#1176983). - Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - USB: adutux: fix debugging (git-fixes). - USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes). - USB: cdc-acm: fix cooldown mechanism (git-fixes). - USB: core: driver: fix stray tabs in error messages (git-fixes). - USB: core: Fix regression in Hercules audio card (git-fixes). - USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes). - USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes). - USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes). - USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes). - USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes). - USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes). - USB: xhci: force all memory allocations to node (git-fixes). - video: fbdev: pvr2fb: initialize variables (git-fixes). - video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/hyperv: Clarify comment on x2apic mode (git-fixes). - x86/hyperv: Make vapic support x2apic mode (git-fixes). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178). - x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes). - x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes). - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178). - x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes). - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1058115 bsc#1176907). - xfs: do not update mtime on COW faults (bsc#1167030). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). - xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes). - xfs: revert 'xfs: fix rmap key and record comparison functions' (git-fixes). - xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes). - xhci: Fix sizeof() mismatch (git-fixes).
Patchnames
SUSE-2020-3715,SUSE-SLE-SERVER-12-SP5-2020-3715
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2020-15437: Fixed a null pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n- CVE-2020-27777: Restrict RTAS requests from userspace  (bsc#1179107).\n- CVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n- CVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n- CVE-2020-8694: Insufficient access control for some Intel(R) Processors may have allowed an authenticated user to potentially enable information disclosure via local access (bsc#1170415).\n- CVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n- CVE-2020-25704: Fixed a memory leak in perf_event_parse_addr_filter() (bsc#1178393).\n- CVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nThe following non-security bugs were fixed:\n\n- 9P: Cast to loff_t before multiplying (git-fixes).\n- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (git-fixes).\n- ACPI: debug: do not allow debugging when ACPI is disabled (git-fixes).\n- ACPI / extlog: Check for RDMSR failure (git-fixes).\n- ACPI: GED: fix -Wformat (git-fixes).\n- ACPI: NFIT: Fix comparison to \u0027-ENXIO\u0027 (git-fixes).\n- ACPI: video: use ACPI backlight for HP 635 Notebook (git-fixes).\n- ALSA: ctl: fix error path at adding user-defined element set (git-fixes).\n- ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (git-fixes).\n- ALSA: hda - Fix the return value if cb func is already registered (git-fixes).\n- ALSA: hda - Fix the return value if cb func is already registered (git-fixes).\n- ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (git-fixes).\n- ALSA: mixart: Fix mutex deadlock (git-fixes).\n- ALSA: usb-audio: Fix potential use-after-free of streams (gix-fixes).\n- arm64: KVM: Fix system register enumeration (bsc#1174726).\n- arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs (git-fixes).\n- arm/arm64: KVM: Add PSCI version selection API (bsc#1174726).\n- ASoC: qcom: lpass-platform: Fix memory leak (git-fixes).\n- ata: sata_rcar: Fix DMA boundary mask (git-fixes).\n- ath10k: Acquire tx_lock in tx error paths (git-fixes).\n- ath10k: fix VHT NSS calculation when STBC is enabled (git-fixes).\n- ath10k: start recovery process when payload length exceeds max htc length for sdio (git-fixes).\n- batman-adv: set .owner to THIS_MODULE (git-fixes).\n- Bluetooth: btusb: Fix and detect most of the Chinese Bluetooth controllers (git-fixes).\n- Bluetooth: hci_bcm: fix freeing not-requested IRQ (git-fixes).\n- bpf: Zero-fill re-used per-cpu map element (git-fixes).\n- btrfs: account ticket size at add/delete time (bsc#1178897).\n- btrfs: add helper to obtain number of devices with ongoing dev-replace (bsc#1178897).\n- btrfs: check rw_devices, not num_devices for balance (bsc#1178897).\n- btrfs: do not delete mismatched root refs (bsc#1178962).\n- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1178897).\n- btrfs: fix force usage in inc_block_group_ro (bsc#1178897).\n- btrfs: fix invalid removal of root ref (bsc#1178962).\n- btrfs: fix reclaim counter leak of space_info objects (bsc#1178897).\n- btrfs: fix reclaim_size counter leak after stealing from global reserve (bsc#1178897).\n- btrfs: kill min_allocable_bytes in inc_block_group_ro (bsc#1178897).\n- btrfs: rework arguments of btrfs_unlink_subvol (bsc#1178962).\n- btrfs: split dev-replace locking helpers for read and write (bsc#1178897). \n- bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (git-fixes).\n- can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes).\n- can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes).\n- can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (git-fixes).\n- can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (git-fixes).\n- can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (git-fixes).\n- can: dev: can_restart(): post buffer from the right context (git-fixes).\n- can: gs_usb: fix endianess problem with candleLight firmware (git-fixes).\n- can: m_can: fix nominal bitiming tseg2 min for version \u003e= 3.1 (git-fixes).\n- can: m_can: m_can_handle_state_change(): fix state change (git-fixes).\n- can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes).\n- can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes).\n- can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (git-fixes).\n- can: peak_usb: add range checking in decode operations (git-fixes).\n- can: peak_usb: fix potential integer overflow on shift of a int (git-fixes).\n- can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (git-fixes).\n- can: rx-offload: do not call kfree_skb() from IRQ context (git-fixes).\n- ceph: add check_session_state() helper and make it global (bsc#1179259).\n- ceph: check session state after bumping session-\u003es_seq (bsc#1179259).\n- ceph: fix race in concurrent __ceph_remove_cap invocations (bsc#1178635).\n- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).\n- cifs: remove bogus debug code (bsc#1179427).\n- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).\n- clk: ti: clockdomain: fix static checker warning (git-fixes).\n- Convert trailing spaces and periods in path components (bsc#1179424).\n- crypto: bcm - Verify GCM/CCM key length in setkey (git-fixes).\n- debugfs: Fix module state check condition (git-fixes).\n- docs: ABI: stable: remove a duplicated documentation (git-fixes).\n- docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes).\n- dpaa_eth: fix the RX headroom size alignment (git-fixes).\n- drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873).\n- Drivers: hv: vmbus: Remove the unused \u0027tsc_page\u0027 from struct hv_context (git-fixes).\n- drm/amd/display: Do not invoke kgdb_breakpoint() unconditionally (git-fixes).\n- drm/amd/display: HDMI remote sink need mode validation for Linux (git-fixes).\n- drm/amdgpu: do not map BO in reserved region (git-fixes).\n- drm/bridge/synopsys: dsi: add support for non-continuous HS clock (git-fixes).\n- drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (git-fixes).\n- drm/i915: Break up error capture compression loops with cond_resched() (git-fixes).\n- drm/i915: Force VT\u0027d workarounds when running as a guest OS (git-fixes).\n- drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).\n- drm/imx: tve remove extraneous type qualifier (git-fixes).\n- drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (git-fixes).\n- drm/ttm: fix eviction valuable range check (git-fixes).\n- drm/vc4: drv: Add error handding for bind (git-fixes).\n- Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size.\n- efi: cper: Fix possible out-of-bounds access (git-fixes).\n- efi/efivars: Add missing kobject_put() in sysfs entry creation error path (git-fixes).\n- efi/esrt: Fix reference count leak in esre_create_sysfs_entry (git-fixes).\n- efi: provide empty efi_enter_virtual_mode implementation (git-fixes).\n- efivarfs: fix memory leak in efivarfs_create() (git-fixes).\n- efivarfs: Replace invalid slashes with exclamation marks in dentries (git-fixes).\n- efivarfs: revert \u0027fix memory leak in efivarfs_create()\u0027 (git-fixes).\n- efi/x86: Do not panic or BUG() on non-critical error conditions (git-fixes).\n- efi/x86: Free efi_pgd with free_pages() (bsc#1112178).\n- efi/x86: Ignore the memory attributes table on i386 (git-fixes).\n- efi/x86: Map the entire EFI vendor string before copying it (git-fixes).\n- fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549).\n- ftrace: Fix recursion check for NMI test (git-fixes).\n- ftrace: Handle tracing when switching between context (git-fixes).\n- fuse: fix page dereference after free (bsc#1179213).\n- futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665).\n- futex: Handle transient \u0027ownerless\u0027 rtmutex state correctly (bsc#1067665).\n- hv_balloon: disable warning when floor reached (git-fixes).\n- hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820).\n- hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820).\n- hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820).\n- hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854).\n- hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854).\n- hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306).\n- IB/core: Set qp-\u003ereal_qp before it may be accessed (bsc#1111666)\n- IB/hfi1: Add missing INVALIDATE opcodes for trace (bsc#1111666)\n- IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats (bsc#1111666)\n- IB/hfi1: Add software counter for ctxt0 seq drop (bsc#1111666)\n- IB/hfi1: Avoid hardlockup with flushlist_lock (bsc#1111666)\n- IB/hfi1: Check for error on call to alloc_rsm_map_table (bsc#1111666)\n- IB/hfi1: Close PSM sdma_progress sleep window (bsc#1111666)\n- IB/hfi1: Define variables as unsigned long to fix KASAN warning (bsc#1111666)\n- IB/hfi1: Ensure full Gen3 speed in a Gen4 system (bsc#1111666)\n- IB/hfi1: Fix Spectre v1 vulnerability (bsc#1111666)\n- IB/hfi1: Handle port down properly in pio (bsc#1111666)\n- IB/hfi1: Handle wakeup of orphaned QPs for pio (bsc#1111666)\n- IB/hfi1: Insure freeze_work work_struct is canceled on shutdown (bsc#1111666)\n- IB/hfi1, qib: Ensure RCU is locked when accessing list (bsc#1111666)\n- IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM (bsc#1111666)\n- IB/hfi1: Remove unused define (bsc#1111666)\n- IB/hfi1: Silence txreq allocation warnings (bsc#1111666)\n- IB/hfi1: Validate page aligned for a given virtual address (bsc#1111666)\n- IB/hfi1: Wakeup QPs orphaned on wait list after flush (bsc#1111666)\n- IB/ipoib: drop useless LIST_HEAD (bsc#1111666)\n- IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start (bsc#1111666)\n- IB/iser: Fix dma_nents type definition (bsc#1111666)\n- IB/iser: Pass the correct number of entries for dma mapped SGL (bsc#1111666)\n- IB/mad: Fix use-after-free in ib mad completion handling (bsc#1111666)\n- IB/mlx4: Fix leak in id_map_find_del (bsc#1111666)\n- IB/mlx4: Fix memory leak in add_gid error flow (bsc#1111666)\n- IB/mlx4: Fix race condition between catas error reset and aliasguid flows (bsc#1111666)\n- IB/mlx4: Follow mirror sequence of device add during device removal (bsc#1111666)\n- IB/mlx4: Remove unneeded NULL check (bsc#1111666)\n- IB/mlx5: Add missing XRC options to QP optional params mask (bsc#1111666)\n- IB/mlx5: Compare only index part of a memory window rkey (bsc#1111666)\n- IB/mlx5: Do not override existing ip_protocol (bsc#1111666)\n- IB/mlx5: Fix clean_mr() to work in the expected order (bsc#1111666)\n- IB/mlx5: Fix implicit MR release flow (bsc#1111666)\n- IB/mlx5: Fix outstanding_pi index for GSI qps (bsc#1111666)\n- IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification (bsc#1111666)\n- IB/mlx5: Fix unreg_umr to ignore the mkey state (bsc#1111666)\n- IB/mlx5: Improve ODP debugging messages (bsc#1111666)\n- IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache (bsc#1111666)\n- IB/mlx5: Prevent concurrent MR updates during invalidation (bsc#1111666)\n- IB/mlx5: Reset access mask when looping inside page fault handler (bsc#1111666)\n- IB/mlx5: Set correct write permissions for implicit ODP MR (bsc#1111666)\n- IB/mlx5: Use direct mkey destroy command upon UMR unreg failure (bsc#1111666)\n- IB/mlx5: Use fragmented QP\u0027s buffer for in-kernel users (bsc#1111666)\n- IB/mlx5: WQE dump jumps over first 16 bytes (bsc#1111666)\n- IB/qib: Fix an error code in qib_sdma_verbs_send() (bsc#1111666)\n- IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value (bsc#1111666)\n- IB/qib: Remove a set-but-not-used variable (bsc#1111666)\n- IB/rdmavt: Convert timers to use timer_setup() (bsc#1111666)\n- IB/rdmavt: Fix alloc_qpn() WARN_ON() (bsc#1111666)\n- IB/rdmavt: Reset all QPs when the device is shut down (bsc#1111666)\n- IB/rxe: Fix incorrect cache cleanup in error flow (bsc#1111666)\n- IB/rxe: Make counters thread safe (bsc#1111666)\n- IB/umad: Avoid additional device reference during open()/close() (bsc#1111666)\n- IB/umad: Avoid destroying device while it is accessed (bsc#1111666)\n- IB/umad: Do not check status of nonseekable_open() (bsc#1111666)\n- IB/umad: Fix kernel crash while unloading ib_umad (bsc#1111666)\n- IB/umad: Refactor code to use cdev_device_add() (bsc#1111666)\n- IB/umad: Simplify and avoid dynamic allocation of class (bsc#1111666)\n- IB/usnic: Fix out of bounds index check in query pkey (bsc#1111666)\n- IB/uverbs: Fix OOPs upon device disassociation (bsc#1111666)\n- iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (git-fixes).\n- iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (git-fixes).\n- inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes).\n- Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes).\n- ipmi: use vzalloc instead of kmalloc for user creation (bsc#1178607).\n- iw_cxgb4: fix ECN check on the passive accept (bsc#1111666)\n- iw_cxgb4: only reconnect with MPAv1 if the peer aborts (bsc#1111666)\n- kABI: add back flush_dcache_range (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes).\n- KVM: arm64: Add missing #include of \u003clinux/string.h\u003e in guest.c (bsc#1174726).\n- KVM: arm64: Factor out core register ID enumeration (bsc#1174726).\n- KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST (bsc#1174726).\n- KVM: arm64: Refactor kvm_arm_num_regs() for easier maintenance (bsc#1174726).\n- KVM: arm64: Reject ioctl access to FPSIMD V-regs on SVE vcpus (bsc#1174726).\n- KVM host: kabi fixes for psci_version (bsc#1174726).\n- leds: bcm6328, bcm6358: use devres LED registering function (git-fixes).\n- libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873).\n- libnvdimm/nvdimm/flush: Allow architecture to override the flush barrier (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549).\n- locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549).\n- locktorture: Print ratio of acquisitions, not failures (bsc#1050549).\n- mac80211: always wind down STA state (git-fixes).\n- mac80211: free sta in sta_info_insert_finish() on errors (git-fixes).\n- mac80211: minstrel: fix tx status processing corner case (git-fixes).\n- mac80211: minstrel: remove deferred sampling code (git-fixes).\n- media: platform: Improve queue set up flow for bug fixing (git-fixes).\n- media: tw5864: check status of tw5864_frameinterval_get (git-fixes).\n- memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703).\n- mm: always have io_remap_pfn_range() set pgprot_decrypted() (bsc#1112178).\n- mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes).\n- mm/memcg: fix refcount error while moving and swapping (bsc#1178686).\n- mtd: lpddr: Fix bad logic in print_drs_error (git-fixes).\n- net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873).\n- net: ena: Capitalize all log strings and improve code readability (bsc#1177397).\n- net: ena: Change license into format to SPDX in all files (bsc#1177397).\n- net: ena: Change log message to netif/dev function (bsc#1177397).\n- net: ena: Change RSS related macros and variables names (bsc#1177397).\n- net: ena: ethtool: Add new device statistics (bsc#1177397).\n- net: ena: ethtool: add stats printing to XDP queues (bsc#1177397).\n- net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397).\n- net: ena: Fix all static chekers\u0027 warnings (bsc#1177397).\n- net: ena: Remove redundant print of placement policy (bsc#1177397).\n- net: ena: xdp: add queue counters for xdp actions (bsc#1177397).\n- netfilter: nat: can\u0027t use dst_hold on noref dst (bsc#1178878).\n- net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873).\n- net/mlx4_core: Fix init_hca fields offset (git-fixes).\n- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes).\n- nfc: s3fwrn5: use signed integer for parsing GPIO numbers (git-fixes).\n- NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).\n- NFS: only invalidate dentrys that are clearly invalid (bsc#1178669 bsc#1170139).\n- NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630).\n- nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873).\n- ocfs2: fix unbalanced locking (git-fixes).\n- p54: avoid accessing the data mapped to streaming DMA (git-fixes).\n- PCI: pci-hyperv: Fix build errors on non-SYSFS config (git-fixes).\n- pinctrl: amd: fix incorrect way to disable debounce filter (git-fixes).\n- pinctrl: amd: use higher precision for 512 RtcClk (git-fixes).\n- pinctrl: aspeed: Fix GPI only function problem (git-fixes).\n- pinctrl: intel: Set default bias in case no particular value given (git-fixes).\n- platform/x86: toshiba_acpi: Fix the wrong variable assignment (git-fixes).\n- powerpc/32: define helpers to get L1 cache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/64: flush_inval_dcache_range() becomes flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/64: reuse PPC32 static inline flush_dcache_range() (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc: Chunk calls to flush_dcache_range in arch_*_memory (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964 git-fixes).\n- powerpc: define helpers to get L1 icache sizes (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc: Fix circular dependency between percpu.h and mmu.h (git-fixes).\n- powerpc/mm: Flush cache on memory hot(un)plug (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Add flush routines using new pmem store and sync instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Add new instructions for persistent storage and sync (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Avoid the barrier in flush routines (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Fix kernel crash due to wrong range value usage in flush_dcache_range (jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Initialize pmem device on newer hardware (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Restrict papr_scm to P8 and above (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pmem: Update ppc64 to use the new barrier instruction (jsc#SLE-16402 jsc#SLE-16497 bsc#1176109 ltc#187964).\n- powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968).\n- powerpc/vnic: Extend \u0027failover pending\u0027 window (bsc#1176855 ltc#187293).\n- powerpc/vnic: Extend \u0027failover pending\u0027 window (bsc#1176855 ltc#187293).\n- power: supply: test_power: add missing newlines when printing parameters by sysfs (git-fixes).\n- RDMA/bnxt_re: Fix Send Work Entry state check while polling completions (bsc#1111666)\n- RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bsc#1111666)\n- RDMA/cma: add missed unregister_pernet_subsys in init failure (bsc#1111666)\n- RDMA/cma: Fix false error message (bsc#1111666)\n- RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bsc#1111666)\n- RDMA/core: Do not depend device ODP capabilities on kconfig option (bsc#1111666)\n- RDMA/core: Fix invalid memory access in spec_filter_size (bsc#1111666)\n- RDMA/core: Fix locking in ib_uverbs_event_read (bsc#1111666)\n- RDMA/core: Fix protection fault in ib_mr_pool_destroy (bsc#1111666)\n- RDMA/core: Fix race when resolving IP address (bsc#1111666)\n- RDMA/cxgb3: Delete and properly mark unimplemented resize CQ function (bsc#1111666)\n- RDMA: Directly cast the sockaddr union to sockaddr (bsc#1111666)\n- RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN (bsc#1111666)\n- RDMA/hns: Remove unsupported modify_port callback (bsc#1111666)\n- RDMA/i40iw: fix a potential NULL pointer dereference (bsc#1111666)\n- RDMA/i40iw: Set queue pair state when being queried (bsc#1111666)\n- RDMA/ipoib: Remove check for ETH_SS_TEST (bsc#1111666)\n- RDMA/iwcm: Fix a lock inversion issue (bsc#1111666)\n- RDMA/iwcm: Fix iwcm work deallocation (bsc#1111666)\n- RDMA/iwcm: move iw_rem_ref() calls out of spinlock (bsc#1111666)\n- RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case (bsc#1111666)\n- RDMA/iw_cxgb4: Fix the unchecked ep dereference (bsc#1111666)\n- RDMA/mlx5: Clear old rate limit when closing QP (bsc#1111666)\n- RDMA/mlx5: Delete unreachable handle_atomic code by simplifying SW completion (bsc#1111666)\n- RDMA/mlx5: Fix access to wrong pointer while performing flush due to error (bsc#1111666)\n- RDMA/mlx5: Fix a race with mlx5_ib_update_xlt on an implicit MR (bsc#1111666)\n- RDMA/mlx5: Fix function name typo \u0027fileds\u0027 -\u003e \u0027fields\u0027 (bsc#1111666)\n- RDMA/mlx5: Return proper error value (bsc#1111666)\n- RDMA/nes: Remove second wait queue initialization call (bsc#1111666)\n- RDMA/netlink: Do not always generate an ACK for some netlink operations (bsc#1111666)\n- RDMA/ocrdma: Fix out of bounds index check in query pkey (bsc#1111666)\n- RDMA/ocrdma: Remove unsupported modify_port callback (bsc#1111666)\n- RDMA/qedr: Fix memory leak in user qp and mr (bsc#1111666)\n- RDMA/qedr: Fix reported firmware version (bsc#1111666)\n- RDMA/qedr: Remove unsupported modify_port callback (bsc#1111666)\n- RDMA/qib: Delete extra line (bsc#1111666)\n- RDMA/qib: Remove all occurrences of BUG_ON() (bsc#1111666)\n- RDMA/qib: Validate -\u003eshow()/store() callbacks before calling them (bsc#1111666)\n- RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM (bsc#1111666)\n- RDMA/rxe: Fix configuration of atomic queue pair attributes (bsc#1111666)\n- RDMA/rxe: Fix slab-out-bounds access which lead to kernel crash later (bsc#1111666)\n- RDMA/rxe: Fix soft lockup problem due to using tasklets in softirq (bsc#1111666)\n- RDMA/rxe: Use for_each_sg_page iterator on umem SGL (bsc#1111666)\n- RDMA/srp: Rework SCSI device reset handling (bsc#1111666)\n- RDMA/srpt: Report the SCSI residual to the initiator (bsc#1111666)\n- RDMA/ucma: Add missing locking around rdma_leave_multicast() (bsc#1111666)\n- RDMA/ucma: Put a lock around every call to the rdma_cm layer (bsc#1111666)\n- RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated (bsc#1111666)\n- RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove (bsc#1111666)\n- RDMA/vmw_pvrdma: Use atomic memory allocation in create AH (bsc#1111666)\n- regulator: avoid resolve_supply() infinite recursion (git-fixes).\n- regulator: defer probe when trying to get voltage from unresolved supply (git-fixes).\n- regulator: fix memory leak with repeated set_machine_constraints() (git-fixes).\n- regulator: resolve supply after creating regulator (git-fixes).\n- regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes).\n- regulator: workaround self-referent regulators (git-fixes).\n- Revert \u0027cdc-acm: hardening against malicious devices\u0027 (git-fixes).\n- ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes).\n- RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bsc#1111666)\n- rxe: correctly calculate iCRC for unaligned payloads (bsc#1111666)\n- rxe: fix error completion wr_id and qp_num (bsc#1111666)\n- s390/cio: add cond_resched() in the slow_eval_known_fn() loop (bsc#1177805 LTC#188737).\n- s390/cpum_cf,perf: change DFLT_CCERROR counter name (bsc#1175916 LTC#187937).\n- s390/dasd: fix inability to use DASD with DIAG driver (bsc#1177809 LTC#188738).\n- s390/dasd: Fix zero write for FBA devices (bsc#1177808 LTC#188739).\n- s390: kernel/uv: handle length extension properly (bsc#1178940 LTC#189323).\n- sched/core: Fix PI boosting between RT and DEADLINE tasks (bsc#1112178).\n- sched/x86: SaveFLAGS on context switch (bsc#1112178).\n- scripts/git_sort/git_sort.py: add ceph maintainers git tree\n- scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873).\n- scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes).\n- scsi: RDMA/srpt: Fix a credit leak for aborted commands (bsc#1111666)\n- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (git-fixes).\n- staging: octeon: Drop on uncorrectable alignment or FCS error (git-fixes).\n- staging: octeon: repair \u0027fixed-link\u0027 support (git-fixes).\n- staging: rtl8188eu: rtw_mlme: Fix uninitialized variable authmode (git-fixes).\n- staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (git-fixes).\n- thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes).\n- time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes).\n- tty: serial: imx: keep console clocks always on (git-fixes).\n- Update patches.suse/vfs-add-super_operations-get_inode_dev (bsc#927455 bsc#1176983). \n- Update references in patches.suse/net-smc-tolerate-future-smcd-versions (bsc#1172542 LTC#186070 git-fixes).\n- USB: Add NO_LPM quirk for Kingston flash drive (git-fixes).\n- USB: adutux: fix debugging (git-fixes).\n- USB: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (git-fixes).\n- USB: cdc-acm: fix cooldown mechanism (git-fixes).\n- USB: core: driver: fix stray tabs in error messages (git-fixes).\n- USB: core: Fix regression in Hercules audio card (git-fixes).\n- USB: gadget: Fix memleak in gadgetfs_fill_super (git-fixes).\n- USB: gadget: f_midi: Fix memleak in f_midi_alloc (git-fixes).\n- USB: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes).\n- USB: host: xhci: fix ep context print mismatch in debugfs (git-fixes).\n- USB: host: xhci-mtk: avoid runtime suspend when removing hcd (git-fixes).\n- USB: mtu3: fix panic in mtu3_gadget_stop() (git-fixes).\n- USB: serial: cyberjack: fix write-URB completion race (git-fixes).\n- USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes).\n- USB: serial: option: add Cellient MPL200 card (git-fixes).\n- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes).\n- USB: serial: option: add Quectel EC200T module support (git-fixes).\n- USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes).\n- USB: serial: option: Add Telit FT980-KS composition (git-fixes).\n- USB: serial: pl2303: add device-id for HP GC device (git-fixes).\n- USB: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (git-fixes).\n- USB: typec: tcpm: reset hard_reset_count for any disconnect (git-fixes).\n- USB: xhci: force all memory allocations to node (git-fixes).\n- video: fbdev: pvr2fb: initialize variables (git-fixes).\n- video: hyperv_fb: Fix the cache type when mapping the VRAM (git-fixes).\n- video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306).\n- video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306).\n- video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306).\n- vt: Disable KD_FONT_OP_COPY (bsc#1178589).\n- x86/hyperv: Clarify comment on x2apic mode (git-fixes).\n- x86/hyperv: Make vapic support x2apic mode (git-fixes).\n- x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306).\n- x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1112178).\n- x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect (git-fixes).\n- x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled (git-fixes).\n- x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs (git-fixes).\n- x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1112178).\n- x86/sysfb_efi: Add quirks for some devices with swapped width and height (git-fixes).\n- x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1058115 bsc#1176907).\n- xfs: do not update mtime on COW faults (bsc#1167030).\n- xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes).\n- xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes).\n- xfs: fix rmap key and record comparison functions (git-fixes).\n- xfs: flush new eof page on truncate to avoid post-eof corruption (git-fixes).\n- xfs: revert \u0027xfs: fix rmap key and record comparison functions\u0027 (git-fixes).\n- xhci: do not create endpoint debugfs entry before ring buffer is set (git-fixes).\n- xhci: Fix sizeof() mismatch (git-fixes).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-3715,SUSE-SLE-SERVER-12-SP5-2020-3715",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3715-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:3715-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203715-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:3715-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007938.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050549",
        "url": "https://bugzilla.suse.com/1050549"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1058115",
        "url": "https://bugzilla.suse.com/1058115"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1067665",
        "url": "https://bugzilla.suse.com/1067665"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1111666",
        "url": "https://bugzilla.suse.com/1111666"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112178",
        "url": "https://bugzilla.suse.com/1112178"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1167030",
        "url": "https://bugzilla.suse.com/1167030"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170139",
        "url": "https://bugzilla.suse.com/1170139"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170415",
        "url": "https://bugzilla.suse.com/1170415"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170446",
        "url": "https://bugzilla.suse.com/1170446"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1170630",
        "url": "https://bugzilla.suse.com/1170630"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172542",
        "url": "https://bugzilla.suse.com/1172542"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172873",
        "url": "https://bugzilla.suse.com/1172873"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174726",
        "url": "https://bugzilla.suse.com/1174726"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175306",
        "url": "https://bugzilla.suse.com/1175306"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1175916",
        "url": "https://bugzilla.suse.com/1175916"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176109",
        "url": "https://bugzilla.suse.com/1176109"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176855",
        "url": "https://bugzilla.suse.com/1176855"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176907",
        "url": "https://bugzilla.suse.com/1176907"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176983",
        "url": "https://bugzilla.suse.com/1176983"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177304",
        "url": "https://bugzilla.suse.com/1177304"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177397",
        "url": "https://bugzilla.suse.com/1177397"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177703",
        "url": "https://bugzilla.suse.com/1177703"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177805",
        "url": "https://bugzilla.suse.com/1177805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177808",
        "url": "https://bugzilla.suse.com/1177808"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177809",
        "url": "https://bugzilla.suse.com/1177809"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177819",
        "url": "https://bugzilla.suse.com/1177819"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1177820",
        "url": "https://bugzilla.suse.com/1177820"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178123",
        "url": "https://bugzilla.suse.com/1178123"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178182",
        "url": "https://bugzilla.suse.com/1178182"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178393",
        "url": "https://bugzilla.suse.com/1178393"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178589",
        "url": "https://bugzilla.suse.com/1178589"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178591",
        "url": "https://bugzilla.suse.com/1178591"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178607",
        "url": "https://bugzilla.suse.com/1178607"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178635",
        "url": "https://bugzilla.suse.com/1178635"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178669",
        "url": "https://bugzilla.suse.com/1178669"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178686",
        "url": "https://bugzilla.suse.com/1178686"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178700",
        "url": "https://bugzilla.suse.com/1178700"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178765",
        "url": "https://bugzilla.suse.com/1178765"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178838",
        "url": "https://bugzilla.suse.com/1178838"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178853",
        "url": "https://bugzilla.suse.com/1178853"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178854",
        "url": "https://bugzilla.suse.com/1178854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178878",
        "url": "https://bugzilla.suse.com/1178878"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178886",
        "url": "https://bugzilla.suse.com/1178886"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178897",
        "url": "https://bugzilla.suse.com/1178897"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178940",
        "url": "https://bugzilla.suse.com/1178940"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1178962",
        "url": "https://bugzilla.suse.com/1178962"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179107",
        "url": "https://bugzilla.suse.com/1179107"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179140",
        "url": "https://bugzilla.suse.com/1179140"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179211",
        "url": "https://bugzilla.suse.com/1179211"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179213",
        "url": "https://bugzilla.suse.com/1179213"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179259",
        "url": "https://bugzilla.suse.com/1179259"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179424",
        "url": "https://bugzilla.suse.com/1179424"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179426",
        "url": "https://bugzilla.suse.com/1179426"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179427",
        "url": "https://bugzilla.suse.com/1179427"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 927455",
        "url": "https://bugzilla.suse.com/927455"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-15437 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-15437/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25668 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25668/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25669 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25669/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25704 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-27777 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-27777/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28915 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28915/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28974 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28974/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8694 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8694/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2020-12-08T17:35:23Z",
      "generator": {
        "date": "2020-12-08T17:35:23Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:3715-1",
      "initial_release_date": "2020-12-08T17:35:23Z",
      "revision_history": [
        {
          "date": "2020-12-08T17:35:23Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-azure-4.12.14-16.38.1.noarch",
                "product": {
                  "name": "kernel-devel-azure-4.12.14-16.38.1.noarch",
                  "product_id": "kernel-devel-azure-4.12.14-16.38.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-azure-4.12.14-16.38.1.noarch",
                "product": {
                  "name": "kernel-source-azure-4.12.14-16.38.1.noarch",
                  "product_id": "kernel-source-azure-4.12.14-16.38.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cluster-md-kmp-azure-4.12.14-16.38.1.x86_64",
                "product": {
                  "name": "cluster-md-kmp-azure-4.12.14-16.38.1.x86_64",
                  "product_id": "cluster-md-kmp-azure-4.12.14-16.38.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dlm-kmp-azure-4.12.14-16.38.1.x86_64",
                "product": {
                  "name": "dlm-kmp-azure-4.12.14-16.38.1.x86_64",
                  "product_id": "dlm-kmp-azure-4.12.14-16.38.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gfs2-kmp-azure-4.12.14-16.38.1.x86_64",
                "product": {
                  "name": "gfs2-kmp-azure-4.12.14-16.38.1.x86_64",
                  "product_id": "gfs2-kmp-azure-4.12.14-16.38.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-azure-4.12.14-16.38.1.x86_64",
                "product": {
                  "name": "kernel-azure-4.12.14-16.38.1.x86_64",
                  "product_id": "kernel-azure-4.12.14-16.38.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-azure-base-4.12.14-16.38.1.x86_64",
                "product": {
                  "name": "kernel-azure-base-4.12.14-16.38.1.x86_64",
                  "product_id": "kernel-azure-base-4.12.14-16.38.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-azure-devel-4.12.14-16.38.1.x86_64",
                "product": {
                  "name": "kernel-azure-devel-4.12.14-16.38.1.x86_64",
                  "product_id": "kernel-azure-devel-4.12.14-16.38.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-azure-extra-4.12.14-16.38.1.x86_64",
                "product": {
                  "name": "kernel-azure-extra-4.12.14-16.38.1.x86_64",
                  "product_id": "kernel-azure-extra-4.12.14-16.38.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-azure-kgraft-devel-4.12.14-16.38.1.x86_64",
                "product": {
                  "name": "kernel-azure-kgraft-devel-4.12.14-16.38.1.x86_64",
                  "product_id": "kernel-azure-kgraft-devel-4.12.14-16.38.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-azure-4.12.14-16.38.1.x86_64",
                "product": {
                  "name": "kernel-syms-azure-4.12.14-16.38.1.x86_64",
                  "product_id": "kernel-syms-azure-4.12.14-16.38.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kselftests-kmp-azure-4.12.14-16.38.1.x86_64",
                "product": {
                  "name": "kselftests-kmp-azure-4.12.14-16.38.1.x86_64",
                  "product_id": "kselftests-kmp-azure-4.12.14-16.38.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ocfs2-kmp-azure-4.12.14-16.38.1.x86_64",
                "product": {
                  "name": "ocfs2-kmp-azure-4.12.14-16.38.1.x86_64",
                  "product_id": "ocfs2-kmp-azure-4.12.14-16.38.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-azure-4.12.14-16.38.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64"
        },
        "product_reference": "kernel-azure-4.12.14-16.38.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-azure-base-4.12.14-16.38.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64"
        },
        "product_reference": "kernel-azure-base-4.12.14-16.38.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-azure-devel-4.12.14-16.38.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64"
        },
        "product_reference": "kernel-azure-devel-4.12.14-16.38.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-azure-4.12.14-16.38.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch"
        },
        "product_reference": "kernel-devel-azure-4.12.14-16.38.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-azure-4.12.14-16.38.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch"
        },
        "product_reference": "kernel-source-azure-4.12.14-16.38.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-azure-4.12.14-16.38.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
        },
        "product_reference": "kernel-syms-azure-4.12.14-16.38.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-azure-4.12.14-16.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64"
        },
        "product_reference": "kernel-azure-4.12.14-16.38.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-azure-base-4.12.14-16.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64"
        },
        "product_reference": "kernel-azure-base-4.12.14-16.38.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-azure-devel-4.12.14-16.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64"
        },
        "product_reference": "kernel-azure-devel-4.12.14-16.38.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-azure-4.12.14-16.38.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch"
        },
        "product_reference": "kernel-devel-azure-4.12.14-16.38.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-azure-4.12.14-16.38.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch"
        },
        "product_reference": "kernel-source-azure-4.12.14-16.38.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-azure-4.12.14-16.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
        },
        "product_reference": "kernel-syms-azure-4.12.14-16.38.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-15437",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-15437"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p-\u003eserial_in pointer which uninitialized.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-15437",
          "url": "https://www.suse.com/security/cve/CVE-2020-15437"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179140 for CVE-2020-15437",
          "url": "https://bugzilla.suse.com/1179140"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:35:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-15437"
    },
    {
      "cve": "CVE-2020-25668",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25668"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25668",
          "url": "https://www.suse.com/security/cve/CVE-2020-25668"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178123 for CVE-2020-25668",
          "url": "https://bugzilla.suse.com/1178123"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178622 for CVE-2020-25668",
          "url": "https://bugzilla.suse.com/1178622"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196914 for CVE-2020-25668",
          "url": "https://bugzilla.suse.com/1196914"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:35:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25668"
    },
    {
      "cve": "CVE-2020-25669",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25669"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25669",
          "url": "https://www.suse.com/security/cve/CVE-2020-25669"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178182 for CVE-2020-25669",
          "url": "https://bugzilla.suse.com/1178182"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:35:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25669"
    },
    {
      "cve": "CVE-2020-25704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25704",
          "url": "https://www.suse.com/security/cve/CVE-2020-25704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178393 for CVE-2020-25704",
          "url": "https://bugzilla.suse.com/1178393"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:35:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25704"
    },
    {
      "cve": "CVE-2020-27777",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-27777"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-27777",
          "url": "https://www.suse.com/security/cve/CVE-2020-27777"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179107 for CVE-2020-27777",
          "url": "https://bugzilla.suse.com/1179107"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179419 for CVE-2020-27777",
          "url": "https://bugzilla.suse.com/1179419"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200343 for CVE-2020-27777",
          "url": "https://bugzilla.suse.com/1200343"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220060 for CVE-2020-27777",
          "url": "https://bugzilla.suse.com/1220060"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:35:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-27777"
    },
    {
      "cve": "CVE-2020-28915",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28915"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28915",
          "url": "https://www.suse.com/security/cve/CVE-2020-28915"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178886 for CVE-2020-28915",
          "url": "https://bugzilla.suse.com/1178886"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:35:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-28915"
    },
    {
      "cve": "CVE-2020-28974",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28974"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28974",
          "url": "https://www.suse.com/security/cve/CVE-2020-28974"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178589 for CVE-2020-28974",
          "url": "https://bugzilla.suse.com/1178589"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:35:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-28974"
    },
    {
      "cve": "CVE-2020-8694",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8694"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8694",
          "url": "https://www.suse.com/security/cve/CVE-2020-8694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178700 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179661 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1179661"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-base-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-azure-devel-4.12.14-16.38.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-devel-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-source-azure-4.12.14-16.38.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:kernel-syms-azure-4.12.14-16.38.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-12-08T17:35:23Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8694"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…