SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0148-1) (Spectre)

High Nessus Plugin ID 121344

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP3 kernel for Azure was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic was uninitialized (bnc#1116841).

CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).

CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bnc#1087082).

CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158). </pid></pid>

CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702).

CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).

CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).

CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319).

CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).

CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-148=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1015336

https://bugzilla.suse.com/show_bug.cgi?id=1015337

https://bugzilla.suse.com/show_bug.cgi?id=1015340

https://bugzilla.suse.com/show_bug.cgi?id=1019683

https://bugzilla.suse.com/show_bug.cgi?id=1019695

https://bugzilla.suse.com/show_bug.cgi?id=1020645

https://bugzilla.suse.com/show_bug.cgi?id=1027260

https://bugzilla.suse.com/show_bug.cgi?id=1027457

https://bugzilla.suse.com/show_bug.cgi?id=1042286

https://bugzilla.suse.com/show_bug.cgi?id=1043083

https://bugzilla.suse.com/show_bug.cgi?id=1046264

https://bugzilla.suse.com/show_bug.cgi?id=1047487

https://bugzilla.suse.com/show_bug.cgi?id=1048916

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1066223

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1069702

https://bugzilla.suse.com/show_bug.cgi?id=1070805

https://bugzilla.suse.com/show_bug.cgi?id=1079935

https://bugzilla.suse.com/show_bug.cgi?id=1087082

https://bugzilla.suse.com/show_bug.cgi?id=1091405

https://bugzilla.suse.com/show_bug.cgi?id=1093158

https://bugzilla.suse.com/show_bug.cgi?id=1094244

https://bugzilla.suse.com/show_bug.cgi?id=1094973

https://bugzilla.suse.com/show_bug.cgi?id=1096242

https://bugzilla.suse.com/show_bug.cgi?id=1096281

https://bugzilla.suse.com/show_bug.cgi?id=1099523

https://bugzilla.suse.com/show_bug.cgi?id=1100105

https://bugzilla.suse.com/show_bug.cgi?id=1101557

https://bugzilla.suse.com/show_bug.cgi?id=1102439

https://bugzilla.suse.com/show_bug.cgi?id=1102660

https://bugzilla.suse.com/show_bug.cgi?id=1103156

https://bugzilla.suse.com/show_bug.cgi?id=1103257

https://bugzilla.suse.com/show_bug.cgi?id=1103624

https://bugzilla.suse.com/show_bug.cgi?id=1104098

https://bugzilla.suse.com/show_bug.cgi?id=1104731

https://bugzilla.suse.com/show_bug.cgi?id=1105412

https://bugzilla.suse.com/show_bug.cgi?id=1106105

https://bugzilla.suse.com/show_bug.cgi?id=1106237

https://bugzilla.suse.com/show_bug.cgi?id=1106240

https://bugzilla.suse.com/show_bug.cgi?id=1106929

https://bugzilla.suse.com/show_bug.cgi?id=1107385

https://bugzilla.suse.com/show_bug.cgi?id=1108145

https://bugzilla.suse.com/show_bug.cgi?id=1108240

https://bugzilla.suse.com/show_bug.cgi?id=1109272

https://bugzilla.suse.com/show_bug.cgi?id=1109330

https://bugzilla.suse.com/show_bug.cgi?id=1109806

https://bugzilla.suse.com/show_bug.cgi?id=1110286

https://bugzilla.suse.com/show_bug.cgi?id=1111062

https://bugzilla.suse.com/show_bug.cgi?id=1111809

https://bugzilla.suse.com/show_bug.cgi?id=1112246

https://bugzilla.suse.com/show_bug.cgi?id=1112963

https://bugzilla.suse.com/show_bug.cgi?id=1113412

https://bugzilla.suse.com/show_bug.cgi?id=1114190

https://bugzilla.suse.com/show_bug.cgi?id=1114417

https://bugzilla.suse.com/show_bug.cgi?id=1114475

https://bugzilla.suse.com/show_bug.cgi?id=1114648

https://bugzilla.suse.com/show_bug.cgi?id=1114763

https://bugzilla.suse.com/show_bug.cgi?id=1114839

https://bugzilla.suse.com/show_bug.cgi?id=1114871

https://bugzilla.suse.com/show_bug.cgi?id=1115431

https://bugzilla.suse.com/show_bug.cgi?id=1115433

https://bugzilla.suse.com/show_bug.cgi?id=1115440

https://bugzilla.suse.com/show_bug.cgi?id=1115587

https://bugzilla.suse.com/show_bug.cgi?id=1115709

https://bugzilla.suse.com/show_bug.cgi?id=1116027

https://bugzilla.suse.com/show_bug.cgi?id=1116183

https://bugzilla.suse.com/show_bug.cgi?id=1116285

https://bugzilla.suse.com/show_bug.cgi?id=1116336

https://bugzilla.suse.com/show_bug.cgi?id=1116345

https://bugzilla.suse.com/show_bug.cgi?id=1116497

https://bugzilla.suse.com/show_bug.cgi?id=1116841

https://bugzilla.suse.com/show_bug.cgi?id=1116924

https://bugzilla.suse.com/show_bug.cgi?id=1116950

https://bugzilla.suse.com/show_bug.cgi?id=1117162

https://bugzilla.suse.com/show_bug.cgi?id=1117165

https://bugzilla.suse.com/show_bug.cgi?id=1117186

https://bugzilla.suse.com/show_bug.cgi?id=1117562

https://bugzilla.suse.com/show_bug.cgi?id=1118152

https://bugzilla.suse.com/show_bug.cgi?id=1118316

https://bugzilla.suse.com/show_bug.cgi?id=1118319

https://bugzilla.suse.com/show_bug.cgi?id=1118505

https://bugzilla.suse.com/show_bug.cgi?id=1118790

https://bugzilla.suse.com/show_bug.cgi?id=1118798

https://bugzilla.suse.com/show_bug.cgi?id=1118915

https://bugzilla.suse.com/show_bug.cgi?id=1118922

https://bugzilla.suse.com/show_bug.cgi?id=1118926

https://bugzilla.suse.com/show_bug.cgi?id=1118930

https://bugzilla.suse.com/show_bug.cgi?id=1118936

https://bugzilla.suse.com/show_bug.cgi?id=1119204

https://bugzilla.suse.com/show_bug.cgi?id=1119714

https://bugzilla.suse.com/show_bug.cgi?id=1119877

https://bugzilla.suse.com/show_bug.cgi?id=1119946

https://bugzilla.suse.com/show_bug.cgi?id=1119967

https://bugzilla.suse.com/show_bug.cgi?id=1119970

https://bugzilla.suse.com/show_bug.cgi?id=1120046

https://bugzilla.suse.com/show_bug.cgi?id=1120743

https://bugzilla.suse.com/show_bug.cgi?id=1121239

https://bugzilla.suse.com/show_bug.cgi?id=1121240

https://bugzilla.suse.com/show_bug.cgi?id=1121241

https://bugzilla.suse.com/show_bug.cgi?id=1121242

https://bugzilla.suse.com/show_bug.cgi?id=1121275

https://bugzilla.suse.com/show_bug.cgi?id=1121621

https://www.suse.com/security/cve/CVE-2017-16939/

https://www.suse.com/security/cve/CVE-2018-1120/

https://www.suse.com/security/cve/CVE-2018-16862/

https://www.suse.com/security/cve/CVE-2018-16884/

https://www.suse.com/security/cve/CVE-2018-19407/

https://www.suse.com/security/cve/CVE-2018-19824/

https://www.suse.com/security/cve/CVE-2018-19985/

https://www.suse.com/security/cve/CVE-2018-20169/

https://www.suse.com/security/cve/CVE-2018-3639/

https://www.suse.com/security/cve/CVE-2018-9568/

http://www.nessus.org/u?facf390b

Plugin Details

Severity: High

ID: 121344

File Name: suse_SU-2019-0148-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2019/01/24

Updated: 2019/09/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-azure, p-cpe:/a:novell:suse_linux:kernel-azure-base, p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo, p-cpe:/a:novell:suse_linux:kernel-azure-debugsource, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-syms-azure, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/01/23

Vulnerability Publication Date: 2017/11/24

Reference Information

CVE: CVE-2017-16939, CVE-2018-1120, CVE-2018-16862, CVE-2018-16884, CVE-2018-19407, CVE-2018-19824, CVE-2018-19985, CVE-2018-20169, CVE-2018-3639, CVE-2018-9568