kernel-firmware-network-20250206-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:14788-1 Final 1 1 2025-02-12T00:00:00Z current 2025-02-12T00:00:00Z 2025-02-12T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kernel-firmware-network-20250206-1.1 on GA media These are all security issues fixed in the kernel-firmware-network-20250206-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-14788 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-13080/ SUSE CVE CVE-2017-13080 page https://www.suse.com/security/cve/CVE-2017-5715/ SUSE CVE CVE-2017-5715 page https://www.suse.com/security/cve/CVE-2019-9836/ SUSE CVE CVE-2019-9836 page https://www.suse.com/security/cve/CVE-2021-26339/ SUSE CVE CVE-2021-26339 page https://www.suse.com/security/cve/CVE-2021-26348/ SUSE CVE CVE-2021-26348 page https://www.suse.com/security/cve/CVE-2021-26364/ SUSE CVE CVE-2021-26364 page https://www.suse.com/security/cve/CVE-2021-26375/ SUSE CVE CVE-2021-26375 page https://www.suse.com/security/cve/CVE-2021-33139/ SUSE CVE CVE-2021-33139 page https://www.suse.com/security/cve/CVE-2021-46744/ SUSE CVE CVE-2021-46744 page https://www.suse.com/security/cve/CVE-2023-20569/ SUSE CVE CVE-2023-20569 page https://www.suse.com/security/cve/CVE-2023-20593/ SUSE CVE CVE-2023-20593 page openSUSE Tumbleweed kernel-firmware-network-20250206-1.1 kernel-firmware-network-20250206-1.1 as a component of openSUSE Tumbleweed Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. CVE-2017-13080 openSUSE Tumbleweed:kernel-firmware-network-20250206-1.1 moderate 7.8 AV:A/AC:L/Au:N/C:C/I:C/A:N 2.9 AV:A/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-13080.html CVE-2017-13080 https://bugzilla.suse.com/1056061 SUSE Bug 1056061 https://bugzilla.suse.com/1063479 SUSE Bug 1063479 https://bugzilla.suse.com/1063667 SUSE Bug 1063667 https://bugzilla.suse.com/1063671 SUSE Bug 1063671 https://bugzilla.suse.com/1066295 SUSE Bug 1066295 https://bugzilla.suse.com/1105108 SUSE Bug 1105108 https://bugzilla.suse.com/1178872 SUSE Bug 1178872 https://bugzilla.suse.com/1179588 SUSE Bug 1179588 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVE-2017-5715 openSUSE Tumbleweed:kernel-firmware-network-20250206-1.1 important 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5715.html CVE-2017-5715 https://bugzilla.suse.com/1068032 SUSE Bug 1068032 https://bugzilla.suse.com/1074562 SUSE Bug 1074562 https://bugzilla.suse.com/1074578 SUSE Bug 1074578 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1074741 SUSE Bug 1074741 https://bugzilla.suse.com/1074919 SUSE Bug 1074919 https://bugzilla.suse.com/1075006 SUSE Bug 1075006 https://bugzilla.suse.com/1075007 SUSE Bug 1075007 https://bugzilla.suse.com/1075262 SUSE Bug 1075262 https://bugzilla.suse.com/1075419 SUSE Bug 1075419 https://bugzilla.suse.com/1076115 SUSE Bug 1076115 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 https://bugzilla.suse.com/1076606 SUSE Bug 1076606 https://bugzilla.suse.com/1078353 SUSE Bug 1078353 https://bugzilla.suse.com/1080039 SUSE Bug 1080039 https://bugzilla.suse.com/1087887 SUSE Bug 1087887 https://bugzilla.suse.com/1087939 SUSE Bug 1087939 https://bugzilla.suse.com/1088147 SUSE Bug 1088147 https://bugzilla.suse.com/1089055 SUSE Bug 1089055 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 https://bugzilla.suse.com/1095735 SUSE Bug 1095735 https://bugzilla.suse.com/1102517 SUSE Bug 1102517 https://bugzilla.suse.com/1105108 SUSE Bug 1105108 https://bugzilla.suse.com/1126516 SUSE Bug 1126516 https://bugzilla.suse.com/1173489 SUSE Bug 1173489 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201457 SUSE Bug 1201457 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 https://bugzilla.suse.com/1203236 SUSE Bug 1203236 Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation. CVE-2019-9836 openSUSE Tumbleweed:kernel-firmware-network-20250206-1.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9836.html CVE-2019-9836 https://bugzilla.suse.com/1139383 SUSE Bug 1139383 A bug in AMD CPU's core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers. CVE-2021-26339 openSUSE Tumbleweed:kernel-firmware-network-20250206-1.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-26339.html CVE-2021-26339 https://bugzilla.suse.com/1199459 SUSE Bug 1199459 Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. CVE-2021-26348 openSUSE Tumbleweed:kernel-firmware-network-20250206-1.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-26348.html CVE-2021-26348 Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service. CVE-2021-26364 openSUSE Tumbleweed:kernel-firmware-network-20250206-1.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-26364.html CVE-2021-26364 Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. CVE-2021-26375 openSUSE Tumbleweed:kernel-firmware-network-20250206-1.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-26375.html CVE-2021-26375 Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. CVE-2021-33139 openSUSE Tumbleweed:kernel-firmware-network-20250206-1.1 moderate 2.7 AV:A/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-33139.html CVE-2021-33139 https://bugzilla.suse.com/1195786 SUSE Bug 1195786 An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. CVE-2021-46744 openSUSE Tumbleweed:kernel-firmware-network-20250206-1.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-46744.html CVE-2021-46744 https://bugzilla.suse.com/1199470 SUSE Bug 1199470 A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. CVE-2023-20569 openSUSE Tumbleweed:kernel-firmware-network-20250206-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-20569.html CVE-2023-20569 https://bugzilla.suse.com/1213287 SUSE Bug 1213287 An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. CVE-2023-20593 openSUSE Tumbleweed:kernel-firmware-network-20250206-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-20593.html CVE-2023-20593 https://bugzilla.suse.com/1213286 SUSE Bug 1213286 https://bugzilla.suse.com/1213616 SUSE Bug 1213616 https://bugzilla.suse.com/1215674 SUSE Bug 1215674