SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)

High Nessus Plugin ID 121468

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check.
This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1108498).

CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).

CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).

CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).

CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319).

CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).

CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769).

CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).

CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).

CVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240).

CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674).

CVE-2017-1000407: Fixed a denial of service, which was caused by flooding the diagnostic port 0x80 an exception leading to a kernel panic (bnc#1071021).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch slessp3-kernel-20190123-13937=1

SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch slexsp3-kernel-20190123-13937=1

SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch sleposp3-kernel-20190123-13937=1

SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch dbgsp3-kernel-20190123-13937=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1031240

https://bugzilla.suse.com/show_bug.cgi?id=1039803

https://bugzilla.suse.com/show_bug.cgi?id=1066674

https://bugzilla.suse.com/show_bug.cgi?id=1071021

https://bugzilla.suse.com/show_bug.cgi?id=1094186

https://bugzilla.suse.com/show_bug.cgi?id=1094825

https://bugzilla.suse.com/show_bug.cgi?id=1104070

https://bugzilla.suse.com/show_bug.cgi?id=1104366

https://bugzilla.suse.com/show_bug.cgi?id=1104367

https://bugzilla.suse.com/show_bug.cgi?id=1107189

https://bugzilla.suse.com/show_bug.cgi?id=1108498

https://bugzilla.suse.com/show_bug.cgi?id=1109200

https://bugzilla.suse.com/show_bug.cgi?id=1113201

https://bugzilla.suse.com/show_bug.cgi?id=1113751

https://bugzilla.suse.com/show_bug.cgi?id=1113769

https://bugzilla.suse.com/show_bug.cgi?id=1114920

https://bugzilla.suse.com/show_bug.cgi?id=1115007

https://bugzilla.suse.com/show_bug.cgi?id=1115038

https://bugzilla.suse.com/show_bug.cgi?id=1116412

https://bugzilla.suse.com/show_bug.cgi?id=1116841

https://bugzilla.suse.com/show_bug.cgi?id=1117515

https://bugzilla.suse.com/show_bug.cgi?id=1118152

https://bugzilla.suse.com/show_bug.cgi?id=1118319

https://bugzilla.suse.com/show_bug.cgi?id=1119255

https://bugzilla.suse.com/show_bug.cgi?id=1119714

https://bugzilla.suse.com/show_bug.cgi?id=1120743

https://bugzilla.suse.com/show_bug.cgi?id=905299

https://bugzilla.suse.com/show_bug.cgi?id=936875

https://bugzilla.suse.com/show_bug.cgi?id=968018

https://bugzilla.suse.com/show_bug.cgi?id=990682

https://www.suse.com/security/cve/CVE-2017-1000407/

https://www.suse.com/security/cve/CVE-2017-16533/

https://www.suse.com/security/cve/CVE-2017-7273/

https://www.suse.com/security/cve/CVE-2018-18281/

https://www.suse.com/security/cve/CVE-2018-18386/

https://www.suse.com/security/cve/CVE-2018-18710/

https://www.suse.com/security/cve/CVE-2018-19407/

https://www.suse.com/security/cve/CVE-2018-19824/

https://www.suse.com/security/cve/CVE-2018-19985/

https://www.suse.com/security/cve/CVE-2018-20169/

https://www.suse.com/security/cve/CVE-2018-9516/

https://www.suse.com/security/cve/CVE-2018-9568/

http://www.nessus.org/u?bbd59106

Plugin Details

Severity: High

ID: 121468

File Name: suse_SU-2019-13937-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2019/01/30

Updated: 2019/09/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-bigsmp, p-cpe:/a:novell:suse_linux:kernel-bigsmp-base, p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-trace-base, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/01/29

Vulnerability Publication Date: 2017/03/27

Reference Information

CVE: CVE-2017-1000407, CVE-2017-16533, CVE-2017-7273, CVE-2018-10940, CVE-2018-16658, CVE-2018-18281, CVE-2018-18386, CVE-2018-18710, CVE-2018-19407, CVE-2018-19824, CVE-2018-19985, CVE-2018-20169, CVE-2018-9516, CVE-2018-9568