Synthesis of the vulnerability 


An attacker can bypass restrictions via acpi_configfs.c of the Linux kernel, in order to escalate his privileges.
Vulnerable products: Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this weakness: 2/4.
Creation date: 16/07/2020.
References of this bulletin: CERTFR-2020-AVI-460, CERTFR-2020-AVI-462, CERTFR-2020-AVI-466, CERTFR-2020-AVI-474, CERTFR-2020-AVI-483, CERTFR-2020-AVI-547, CVE-2020-15780, openSUSE-SU-2020:1153-1, openSUSE-SU-2020:1236-1, RHSA-2020:3218-01, RHSA-2020:3219-01, RHSA-2020:3222-01, RHSA-2020:3228-01, SUSE-SU-2020:2027-1, SUSE-SU-2020:2103-1, SUSE-SU-2020:2105-1, SUSE-SU-2020:2106-1, SUSE-SU-2020:2107-1, SUSE-SU-2020:2119-1, SUSE-SU-2020:2121-1, SUSE-SU-2020:2122-1, SUSE-SU-2020:2258-1, SUSE-SU-2020:2259-1, SUSE-SU-2020:2478-1, SUSE-SU-2020:2487-1, USN-4425-1, USN-4426-1, USN-4439-1, VIGILANCE-VUL-32850.

Description of the vulnerability 


An attacker can bypass restrictions via acpi_configfs.c of the Linux kernel, in order to escalate his privileges.

This security announcement impacts software or systems such as Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this threat is medium.

The trust level is of type "confirmed by the editor", with an origin of "user shell".

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level ability can exploit this vulnerability.

Solutions for this threat 


Linux kernel: version 5.7.7.
The version 5.7.7 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v5.x/

Linux kernel: version 5.4.50.
The version 5.4.50 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v5.x/

Linux kernel: patch for acpi_configfs.c.
A patch is indicated in information sources.

openSUSE Leap 15.1: new kernel packages (07/08/2020).
New packages are available:
  openSUSE Leap 15.1: kernel 4.12.14-lp151.28.59.1

openSUSE Leap 15.2: new kernel packages.
New packages are available:
  openSUSE Leap 15.2: kernel 5.3.18-lp152.36.1

RHEL 8.0: new kernel packages.
New packages are available:
  RHEL 8.0: kernel 4.18.0-80.27.2.el8_0

RHEL 8.1: new kernel packages.
New packages are available:
  RHEL 8.1: kernel 4.18.0-147.24.2.el8_1

RHEL 8.2: new kernel packages.
New packages are available:
  RHEL 8.2: kernel 4.18.0-193.14.3.el8_2

RHEL 8.2: new kernel-rt packages.
New packages are available:
  RHEL 8.2: kernel-rt 4.18.0-193.14.3.rt13.67.el8_2

SUSE LE 12 SP4: new kernel packages.
New packages are available:
  SUSE LE 12 SP4: kernel 4.12.14-95.57.1

SUSE LE 12 SP5: new kernel-azure packages (05/08/2020).
New packages are available:
  SUSE LE 12 SP5: kernel-azure 4.12.14-16.22.1

SUSE LE 12 SP5: new kernel packages (05/08/2020).
New packages are available:
  SUSE LE 12 SP5: kernel 4.12.14-122.29.1

SUSE LE 12 SP5: new kernel-rt packages (03/09/2020).
New packages are available:
  SUSE LE 12 SP5: kernel-rt 4.12.14-10.13.1

SUSE LE 15 RTM: new kernel packages.
New packages are available:
  SUSE LE 15 RTM: kernel 4.12.14-150.55.1

SUSE LE 15 SP1-2: new fwupd packages.
New packages are available:
  SUSE LE 15 SP1: fwupd 1.0.9-6.5.1
  SUSE LE 15 SP2: fwupd 1.2.11-5.2.1

SUSE LE 15 SP1: new kernel-azure packages.
New packages are available:
  SUSE LE 15 SP1: kernel-azure 4.12.14-8.38.1

SUSE LE 15 SP1: new kernel packages (04/08/2020).
New packages are available:
  SUSE LE 15 SP1: kernel 4.12.14-197.48.1

SUSE LE 15 SP1: new kernel-rt packages.
New packages are available:
  SUSE LE 15 SP1: kernel-rt 4.12.14-14.28.1

SUSE LE 15 SP2: new kernel-azure packages.
New packages are available:
  SUSE LE 15 SP2: kernel-azure 5.3.18-18.5.1

SUSE LE 15 SP2: new kernel packages.
New packages are available:
  SUSE LE 15 SP2: kernel 5.3.18-24.9.1

Ubuntu 18.0: new linux-image-5.0.0 packages.
New packages are available:
  Ubuntu 18.04 LTS: linux-image-gke-5.0 5.0.0.1045.30

Ubuntu: new linux-image-4.15.0 packages.
New packages are available:
  Ubuntu 16.04 LTS: linux-image-aws-hwe 4.15.0.1079.76
  Ubuntu 18.04 LTS: linux-image-generic 4.15.0.112.100

Ubuntu: new linux-image-5.4.0 packages.
New packages are available:
  Ubuntu 18.04 LTS: linux-image-generic-hwe-18.04 5.4.0.42.46~18.04.35
  Ubuntu 20.04 LTS: linux-image-generic 5.4.0.30.37