Security update for kernel-firmware SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0407-1 Final 1 1 2021-03-14T14:10:15Z current 2021-03-14T14:10:15Z 2021-03-14T14:10:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kernel-firmware This update for kernel-firmware fixes the following issues: - CVE-2020-12373: Fixed an expired pointer dereference may lead to DOS (bsc#1181738). - CVE-2020-12364: Fixed a null pointer reference may lead to DOS (bsc#1181736). - CVE-2020-12362: Fixed an integer overflow which could have led to privilege escalation (bsc#1181720). - CVE-2020-12363: Fixed an improper input validation which may have led to DOS (bsc#1181735). This update was imported from the SUSE:SLE-15-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-407 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KH2XS5MRKRSCX3I5AS4LGZH576PO6KUD/ E-Mail link for openSUSE-SU-2021:0407-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1181720 SUSE Bug 1181720 https://bugzilla.suse.com/1181735 SUSE Bug 1181735 https://bugzilla.suse.com/1181736 SUSE Bug 1181736 https://bugzilla.suse.com/1181738 SUSE Bug 1181738 https://www.suse.com/security/cve/CVE-2020-12362/ SUSE CVE CVE-2020-12362 page https://www.suse.com/security/cve/CVE-2020-12363/ SUSE CVE CVE-2020-12363 page https://www.suse.com/security/cve/CVE-2020-12364/ SUSE CVE CVE-2020-12364 page https://www.suse.com/security/cve/CVE-2020-12373/ SUSE CVE CVE-2020-12373 page openSUSE Leap 15.2 kernel-firmware-20200107-lp152.2.6.1 ucode-amd-20200107-lp152.2.6.1 kernel-firmware-20200107-lp152.2.6.1 as a component of openSUSE Leap 15.2 ucode-amd-20200107-lp152.2.6.1 as a component of openSUSE Leap 15.2 Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. CVE-2020-12362 openSUSE Leap 15.2:kernel-firmware-20200107-lp152.2.6.1 openSUSE Leap 15.2:ucode-amd-20200107-lp152.2.6.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KH2XS5MRKRSCX3I5AS4LGZH576PO6KUD/ https://www.suse.com/security/cve/CVE-2020-12362.html CVE-2020-12362 https://bugzilla.suse.com/1181720 SUSE Bug 1181720 https://bugzilla.suse.com/1182033 SUSE Bug 1182033 https://bugzilla.suse.com/1190859 SUSE Bug 1190859 Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. CVE-2020-12363 openSUSE Leap 15.2:kernel-firmware-20200107-lp152.2.6.1 openSUSE Leap 15.2:ucode-amd-20200107-lp152.2.6.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KH2XS5MRKRSCX3I5AS4LGZH576PO6KUD/ https://www.suse.com/security/cve/CVE-2020-12363.html CVE-2020-12363 https://bugzilla.suse.com/1181720 SUSE Bug 1181720 https://bugzilla.suse.com/1181735 SUSE Bug 1181735 Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. CVE-2020-12364 openSUSE Leap 15.2:kernel-firmware-20200107-lp152.2.6.1 openSUSE Leap 15.2:ucode-amd-20200107-lp152.2.6.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KH2XS5MRKRSCX3I5AS4LGZH576PO6KUD/ https://www.suse.com/security/cve/CVE-2020-12364.html CVE-2020-12364 https://bugzilla.suse.com/1181720 SUSE Bug 1181720 https://bugzilla.suse.com/1181736 SUSE Bug 1181736 Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. CVE-2020-12373 openSUSE Leap 15.2:kernel-firmware-20200107-lp152.2.6.1 openSUSE Leap 15.2:ucode-amd-20200107-lp152.2.6.1 low 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KH2XS5MRKRSCX3I5AS4LGZH576PO6KUD/ https://www.suse.com/security/cve/CVE-2020-12373.html CVE-2020-12373 https://bugzilla.suse.com/1181720 SUSE Bug 1181720 https://bugzilla.suse.com/1181738 SUSE Bug 1181738