Cleartext Transmission of Sensitive Information Affecting kernel-livepatch-5_3_18-24_67-default package, versions <8-2.2
- Snyk ID SNYK-SLES152-KERNELLIVEPATCH53182467DEFAULT-3265445
- published 14 Apr 2022
- disclosed 31 Jan 2022
Introduced: 31 Jan 2022
CVE-2020-3702
How to fix?
Upgrade SLES:15.2 kernel-livepatch-5_3_18-24_67-default to version 8-2.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-livepatch-5_3_18-24_67-default package and not the kernel-livepatch-5_3_18-24_67-default package as distributed by SLES.
See How to fix? for SLES:15.2 relevant fixed versions and status.
Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
References
- https://www.suse.com/security/cve/CVE-2020-3702.html
- https://bugzilla.suse.com/1191193
- https://bugzilla.suse.com/1191529
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
- https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58
- https://www.debian.org/security/2021/dsa-4978
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html