The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).

CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).

CVE-2020-14356: Fixed a NULL pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).

CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).

CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).

CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2540-1) (Spectre)

high Nessus Plugin ID 140385

Version 1.4