Security update for kernel-firmware SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:4201-1 Final 1 1 2021-12-30T08:37:06Z current 2021-12-30T08:37:06Z 2021-12-30T08:37:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kernel-firmware This update for kernel-firmware fixes the following issues: - CVE-2019-15126: Updated Broadcom firmware to fix Kr00k bug (bsc#1167162). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-4201,SUSE-SLE-Module-Basesystem-15-SP2-2021-4201,SUSE-SUSE-MicroOS-5.0-2021-4201 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20214201-1/ Link for SUSE-SU-2021:4201-1 https://lists.suse.com/pipermail/sle-security-updates/2021-December/009957.html E-Mail link for SUSE-SU-2021:4201-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1167162 SUSE Bug 1167162 https://www.suse.com/security/cve/CVE-2019-15126/ SUSE CVE CVE-2019-15126 page SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Basesystem 15 SP2 kernel-firmware-20200107-3.23.1 ucode-amd-20200107-3.23.1 kernel-firmware-20200107-3.23.1 as a component of SUSE Linux Enterprise Micro 5.0 ucode-amd-20200107-3.23.1 as a component of SUSE Linux Enterprise Micro 5.0 kernel-firmware-20200107-3.23.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 ucode-amd-20200107-3.23.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. CVE-2019-15126 SUSE Linux Enterprise Micro 5.0:kernel-firmware-20200107-3.23.1 SUSE Linux Enterprise Micro 5.0:ucode-amd-20200107-3.23.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:kernel-firmware-20200107-3.23.1 SUSE Linux Enterprise Module for Basesystem 15 SP2:ucode-amd-20200107-3.23.1 important 2.9 AV:A/AC:M/Au:N/C:P/I:N/A:N 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20214201-1/ https://www.suse.com/security/cve/CVE-2019-15126.html CVE-2019-15126 https://bugzilla.suse.com/1167162 SUSE Bug 1167162