https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:2314-1 advisory.

  - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

  - kernel: Use after free via PI futex state (CVE-2021-3347)

  - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)

  - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)

  - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)

  - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2314 advisory.

  - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

  - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)

  - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)

  - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)

  - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)

  - kernel: Use after free via PI futex state (CVE-2021-3347)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2314 advisory.

  - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common     function in drivers/tty/n_tty.c. (CVE-2020-8648)

  - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-     of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre     mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects     pointer types that do not define a ptr_limit. (CVE-2020-27170)

  - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version     26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an     escalation of privilege via local access. (CVE-2020-12362)

  - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free     during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
    (CVE-2021-3347)

  - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and     before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via     local access. (CVE-2020-12363)

  - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and     before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of     service via local access. (CVE-2020-12364)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2316 advisory.

  - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

  - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)

  - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)

  - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)

  - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)

  - kernel: Use after free via PI futex state (CVE-2021-3347)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2314 advisory.

  - kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

  - kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)

  - kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)

  - kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)

  - kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)

  - kernel: Use after free via PI futex state (CVE-2021-3347)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for kernel-firmware fixes the following issues :

  - CVE-2020-12373: Fixed an expired pointer dereference may     lead to DOS (bsc#1181738).

  - CVE-2020-12364: Fixed a NULL pointer reference may lead     to DOS (bsc#1181736). 

  - CVE-2020-12362: Fixed an integer overflow which could     have led to privilege escalation (bsc#1181720).

  - CVE-2020-12363: Fixed an improper input validation which     may have led to DOS (bsc#1181735).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).

CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).

CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).

CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720).

CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735).

CVE-2020-12364: Fixed a NULL pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736 ).

CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738).

CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).

CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).

CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).

CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720).

CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735).

CVE-2020-12364: Fixed a NULL pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736 ).

CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738).

CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
150800	Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:2314)	Nessus	Scientific Linux Local Security Checks	high
150770	CentOS 7 : kernel (CESA-2021:2314)	Nessus	CentOS Local Security Checks	high
150447	Oracle Linux 7 : kernel (ELSA-2021-2314)	Nessus	Oracle Linux Local Security Checks	high
150380	RHEL 7 : kernel-rt (RHSA-2021:2316)	Nessus	Red Hat Local Security Checks	high
150379	RHEL 7 : kernel (RHSA-2021:2314)	Nessus	Red Hat Local Security Checks	high
147774	openSUSE Security Update : kernel-firmware (openSUSE-2021-407)	Nessus	SuSE Local Security Checks	medium
147591	SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0735-1)	Nessus	SuSE Local Security Checks	high
147579	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0741-1)	Nessus	SuSE Local Security Checks	high
147563	openSUSE Security Update : the Linux Kernel (openSUSE-2021-393)	Nessus	SuSE Local Security Checks	high

CVE-2020-12364

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

medium

high

high

high