SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0196-1)

high Nessus Plugin ID 121466

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).

CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).

CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).

CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal).
The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).

CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).

CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).

CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).

CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs.
NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).

CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).

CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch SUSE-SLE-WE-12-SP4-2019-196=1

SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-196=1

SUSE Linux Enterprise Server 12-SP4:zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-196=1

SUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-196=1

SUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch SUSE-SLE-HA-12-SP4-2019-196=1

SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-196=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1024718

https://bugzilla.suse.com/show_bug.cgi?id=1046299

https://bugzilla.suse.com/show_bug.cgi?id=1050242

https://bugzilla.suse.com/show_bug.cgi?id=1050244

https://bugzilla.suse.com/show_bug.cgi?id=1051510

https://bugzilla.suse.com/show_bug.cgi?id=1055121

https://bugzilla.suse.com/show_bug.cgi?id=1055186

https://bugzilla.suse.com/show_bug.cgi?id=1058115

https://bugzilla.suse.com/show_bug.cgi?id=1060463

https://bugzilla.suse.com/show_bug.cgi?id=1065729

https://bugzilla.suse.com/show_bug.cgi?id=1078248

https://bugzilla.suse.com/show_bug.cgi?id=1079935

https://bugzilla.suse.com/show_bug.cgi?id=1082387

https://bugzilla.suse.com/show_bug.cgi?id=1083647

https://bugzilla.suse.com/show_bug.cgi?id=1086282

https://bugzilla.suse.com/show_bug.cgi?id=1086283

https://bugzilla.suse.com/show_bug.cgi?id=1086423

https://bugzilla.suse.com/show_bug.cgi?id=1087084

https://bugzilla.suse.com/show_bug.cgi?id=1087978

https://bugzilla.suse.com/show_bug.cgi?id=1088386

https://bugzilla.suse.com/show_bug.cgi?id=1090888

https://bugzilla.suse.com/show_bug.cgi?id=1091405

https://bugzilla.suse.com/show_bug.cgi?id=1094244

https://bugzilla.suse.com/show_bug.cgi?id=1097593

https://bugzilla.suse.com/show_bug.cgi?id=1102875

https://bugzilla.suse.com/show_bug.cgi?id=1102877

https://bugzilla.suse.com/show_bug.cgi?id=1102879

https://bugzilla.suse.com/show_bug.cgi?id=1102882

https://bugzilla.suse.com/show_bug.cgi?id=1102896

https://bugzilla.suse.com/show_bug.cgi?id=1103257

https://bugzilla.suse.com/show_bug.cgi?id=1104353

https://bugzilla.suse.com/show_bug.cgi?id=1104427

https://bugzilla.suse.com/show_bug.cgi?id=1104967

https://bugzilla.suse.com/show_bug.cgi?id=1105168

https://bugzilla.suse.com/show_bug.cgi?id=1106105

https://bugzilla.suse.com/show_bug.cgi?id=1106110

https://bugzilla.suse.com/show_bug.cgi?id=1106615

https://bugzilla.suse.com/show_bug.cgi?id=1106913

https://bugzilla.suse.com/show_bug.cgi?id=1108270

https://bugzilla.suse.com/show_bug.cgi?id=1109272

https://bugzilla.suse.com/show_bug.cgi?id=1110558

https://bugzilla.suse.com/show_bug.cgi?id=1111188

https://bugzilla.suse.com/show_bug.cgi?id=1111469

https://bugzilla.suse.com/show_bug.cgi?id=1111696

https://bugzilla.suse.com/show_bug.cgi?id=1111795

https://bugzilla.suse.com/show_bug.cgi?id=1112128

https://bugzilla.suse.com/show_bug.cgi?id=1113722

https://bugzilla.suse.com/show_bug.cgi?id=1114648

https://bugzilla.suse.com/show_bug.cgi?id=1114871

https://bugzilla.suse.com/show_bug.cgi?id=1116040

https://bugzilla.suse.com/show_bug.cgi?id=1116336

https://bugzilla.suse.com/show_bug.cgi?id=1116803

https://bugzilla.suse.com/show_bug.cgi?id=1116841

https://bugzilla.suse.com/show_bug.cgi?id=1117115

https://bugzilla.suse.com/show_bug.cgi?id=1117162

https://bugzilla.suse.com/show_bug.cgi?id=1117165

https://bugzilla.suse.com/show_bug.cgi?id=1117186

https://bugzilla.suse.com/show_bug.cgi?id=1117561

https://bugzilla.suse.com/show_bug.cgi?id=1117656

https://bugzilla.suse.com/show_bug.cgi?id=1117953

https://bugzilla.suse.com/show_bug.cgi?id=1118215

https://bugzilla.suse.com/show_bug.cgi?id=1118319

https://bugzilla.suse.com/show_bug.cgi?id=1118428

https://bugzilla.suse.com/show_bug.cgi?id=1118484

https://bugzilla.suse.com/show_bug.cgi?id=1118505

https://bugzilla.suse.com/show_bug.cgi?id=1118752

https://bugzilla.suse.com/show_bug.cgi?id=1118760

https://bugzilla.suse.com/show_bug.cgi?id=1118761

https://bugzilla.suse.com/show_bug.cgi?id=1118762

https://bugzilla.suse.com/show_bug.cgi?id=1118766

https://bugzilla.suse.com/show_bug.cgi?id=1118767

https://bugzilla.suse.com/show_bug.cgi?id=1118768

https://bugzilla.suse.com/show_bug.cgi?id=1118769

https://bugzilla.suse.com/show_bug.cgi?id=1118771

https://bugzilla.suse.com/show_bug.cgi?id=1118772

https://bugzilla.suse.com/show_bug.cgi?id=1118773

https://bugzilla.suse.com/show_bug.cgi?id=1118774

https://bugzilla.suse.com/show_bug.cgi?id=1118775

https://bugzilla.suse.com/show_bug.cgi?id=1118787

https://bugzilla.suse.com/show_bug.cgi?id=1118788

https://bugzilla.suse.com/show_bug.cgi?id=1118798

https://bugzilla.suse.com/show_bug.cgi?id=1118809

https://bugzilla.suse.com/show_bug.cgi?id=1118962

https://bugzilla.suse.com/show_bug.cgi?id=1119017

https://bugzilla.suse.com/show_bug.cgi?id=1119086

https://bugzilla.suse.com/show_bug.cgi?id=1119212

https://bugzilla.suse.com/show_bug.cgi?id=1119322

https://bugzilla.suse.com/show_bug.cgi?id=1119410

https://bugzilla.suse.com/show_bug.cgi?id=1119714

https://bugzilla.suse.com/show_bug.cgi?id=1119749

https://bugzilla.suse.com/show_bug.cgi?id=1119804

https://bugzilla.suse.com/show_bug.cgi?id=1119946

https://bugzilla.suse.com/show_bug.cgi?id=1119962

https://bugzilla.suse.com/show_bug.cgi?id=1119968

https://bugzilla.suse.com/show_bug.cgi?id=1120036

https://bugzilla.suse.com/show_bug.cgi?id=1120046

https://bugzilla.suse.com/show_bug.cgi?id=1120053

https://bugzilla.suse.com/show_bug.cgi?id=1120054

https://bugzilla.suse.com/show_bug.cgi?id=1120055

https://bugzilla.suse.com/show_bug.cgi?id=1120058

https://bugzilla.suse.com/show_bug.cgi?id=1120088

https://bugzilla.suse.com/show_bug.cgi?id=1120092

https://bugzilla.suse.com/show_bug.cgi?id=1120094

https://bugzilla.suse.com/show_bug.cgi?id=1120096

https://bugzilla.suse.com/show_bug.cgi?id=1120097

https://bugzilla.suse.com/show_bug.cgi?id=1120173

https://bugzilla.suse.com/show_bug.cgi?id=1120214

https://bugzilla.suse.com/show_bug.cgi?id=1120223

https://bugzilla.suse.com/show_bug.cgi?id=1120228

https://bugzilla.suse.com/show_bug.cgi?id=1120230

https://bugzilla.suse.com/show_bug.cgi?id=1120232

https://bugzilla.suse.com/show_bug.cgi?id=1120234

https://bugzilla.suse.com/show_bug.cgi?id=1120235

https://bugzilla.suse.com/show_bug.cgi?id=1120238

https://bugzilla.suse.com/show_bug.cgi?id=1120594

https://bugzilla.suse.com/show_bug.cgi?id=1120598

https://bugzilla.suse.com/show_bug.cgi?id=1120600

https://bugzilla.suse.com/show_bug.cgi?id=1120601

https://bugzilla.suse.com/show_bug.cgi?id=1120602

https://bugzilla.suse.com/show_bug.cgi?id=1120603

https://bugzilla.suse.com/show_bug.cgi?id=1120604

https://bugzilla.suse.com/show_bug.cgi?id=1120606

https://bugzilla.suse.com/show_bug.cgi?id=1120612

https://bugzilla.suse.com/show_bug.cgi?id=1120613

https://bugzilla.suse.com/show_bug.cgi?id=1120614

https://bugzilla.suse.com/show_bug.cgi?id=1120615

https://bugzilla.suse.com/show_bug.cgi?id=1120616

https://bugzilla.suse.com/show_bug.cgi?id=1120617

https://bugzilla.suse.com/show_bug.cgi?id=1120618

https://bugzilla.suse.com/show_bug.cgi?id=1120620

https://bugzilla.suse.com/show_bug.cgi?id=1120621

https://bugzilla.suse.com/show_bug.cgi?id=1120632

https://bugzilla.suse.com/show_bug.cgi?id=1120633

https://bugzilla.suse.com/show_bug.cgi?id=1120743

https://bugzilla.suse.com/show_bug.cgi?id=1120954

https://bugzilla.suse.com/show_bug.cgi?id=1121017

https://bugzilla.suse.com/show_bug.cgi?id=1121058

https://bugzilla.suse.com/show_bug.cgi?id=1121263

https://bugzilla.suse.com/show_bug.cgi?id=1121273

https://bugzilla.suse.com/show_bug.cgi?id=1121477

https://bugzilla.suse.com/show_bug.cgi?id=1121483

https://bugzilla.suse.com/show_bug.cgi?id=1121599

https://bugzilla.suse.com/show_bug.cgi?id=1121621

https://bugzilla.suse.com/show_bug.cgi?id=1121714

https://bugzilla.suse.com/show_bug.cgi?id=1121715

https://bugzilla.suse.com/show_bug.cgi?id=1121973

https://www.suse.com/security/cve/CVE-2018-12232/

https://www.suse.com/security/cve/CVE-2018-14625/

https://www.suse.com/security/cve/CVE-2018-16862/

https://www.suse.com/security/cve/CVE-2018-16884/

https://www.suse.com/security/cve/CVE-2018-18397/

https://www.suse.com/security/cve/CVE-2018-19407/

https://www.suse.com/security/cve/CVE-2018-19854/

https://www.suse.com/security/cve/CVE-2018-19985/

https://www.suse.com/security/cve/CVE-2018-20169/

https://www.suse.com/security/cve/CVE-2018-9568/

http://www.nessus.org/u?b7b6ad1b

Plugin Details

Severity: High

ID: 121466

File Name: suse_SU-2019-0196-1.nasl

Version: 1.7

Type: local

Agent: unix

Published: 1/30/2019

Updated: 5/24/2022

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-9568

CVSS v3

Risk Factor: High

Base Score: 8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2018-16884

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/29/2019

Vulnerability Publication Date: 3/15/2013

Reference Information

CVE: CVE-2013-2547, CVE-2018-12232, CVE-2018-14625, CVE-2018-16862, CVE-2018-16884, CVE-2018-18397, CVE-2018-19407, CVE-2018-19854, CVE-2018-19985, CVE-2018-20169, CVE-2018-9568

BID: 58382