SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1)

High Nessus Plugin ID 122609

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.175 to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free. (bnc#1124728)

CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732).

CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).

CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker could have caused utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158).
</pid></pid>

CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal).
The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).

CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).

CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).

CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).

CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).

CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).

CVE-2018-5391: The Linux kernel was vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size (bnc#1103097).

CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).

CVE-2019-3459,CVE-2019-3460: Two remote information leak vulnerabilities in the Bluetooth stack were fixed that could potentially leak kernel information (bsc#1120758)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch SUSE-SLE-WE-12-SP3-2019-541=1

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2019-541=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-541=1

SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-541=1

SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch SUSE-SLE-HA-12-SP3-2019-541=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-541=1

SUSE CaaS Platform ALL :

To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

SUSE CaaS Platform 3.0 :

To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1015336

https://bugzilla.suse.com/show_bug.cgi?id=1015337

https://bugzilla.suse.com/show_bug.cgi?id=1015340

https://bugzilla.suse.com/show_bug.cgi?id=1019683

https://bugzilla.suse.com/show_bug.cgi?id=1019695

https://bugzilla.suse.com/show_bug.cgi?id=1020413

https://bugzilla.suse.com/show_bug.cgi?id=1020645

https://bugzilla.suse.com/show_bug.cgi?id=1023175

https://bugzilla.suse.com/show_bug.cgi?id=1027260

https://bugzilla.suse.com/show_bug.cgi?id=1027457

https://bugzilla.suse.com/show_bug.cgi?id=1031492

https://bugzilla.suse.com/show_bug.cgi?id=1042286

https://bugzilla.suse.com/show_bug.cgi?id=1043083

https://bugzilla.suse.com/show_bug.cgi?id=1046264

https://bugzilla.suse.com/show_bug.cgi?id=1047487

https://bugzilla.suse.com/show_bug.cgi?id=1048916

https://bugzilla.suse.com/show_bug.cgi?id=1050549

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1066223

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1070805

https://bugzilla.suse.com/show_bug.cgi?id=1078355

https://bugzilla.suse.com/show_bug.cgi?id=1079935

https://bugzilla.suse.com/show_bug.cgi?id=1086095

https://bugzilla.suse.com/show_bug.cgi?id=1086423

https://bugzilla.suse.com/show_bug.cgi?id=1086652

https://bugzilla.suse.com/show_bug.cgi?id=1091405

https://bugzilla.suse.com/show_bug.cgi?id=1093158

https://bugzilla.suse.com/show_bug.cgi?id=1094244

https://bugzilla.suse.com/show_bug.cgi?id=1094823

https://bugzilla.suse.com/show_bug.cgi?id=1094973

https://bugzilla.suse.com/show_bug.cgi?id=1096242

https://bugzilla.suse.com/show_bug.cgi?id=1096281

https://bugzilla.suse.com/show_bug.cgi?id=1099523

https://bugzilla.suse.com/show_bug.cgi?id=1099810

https://bugzilla.suse.com/show_bug.cgi?id=1100105

https://bugzilla.suse.com/show_bug.cgi?id=1101557

https://bugzilla.suse.com/show_bug.cgi?id=1102439

https://bugzilla.suse.com/show_bug.cgi?id=1102660

https://bugzilla.suse.com/show_bug.cgi?id=1102875

https://bugzilla.suse.com/show_bug.cgi?id=1102877

https://bugzilla.suse.com/show_bug.cgi?id=1102879

https://bugzilla.suse.com/show_bug.cgi?id=1102882

https://bugzilla.suse.com/show_bug.cgi?id=1102896

https://bugzilla.suse.com/show_bug.cgi?id=1103097

https://bugzilla.suse.com/show_bug.cgi?id=1103156

https://bugzilla.suse.com/show_bug.cgi?id=1103257

https://bugzilla.suse.com/show_bug.cgi?id=1103624

https://bugzilla.suse.com/show_bug.cgi?id=1104098

https://bugzilla.suse.com/show_bug.cgi?id=1104731

https://bugzilla.suse.com/show_bug.cgi?id=1105428

https://bugzilla.suse.com/show_bug.cgi?id=1106061

https://bugzilla.suse.com/show_bug.cgi?id=1106105

https://bugzilla.suse.com/show_bug.cgi?id=1106237

https://bugzilla.suse.com/show_bug.cgi?id=1106240

https://bugzilla.suse.com/show_bug.cgi?id=1106929

https://bugzilla.suse.com/show_bug.cgi?id=1107385

https://bugzilla.suse.com/show_bug.cgi?id=1107866

https://bugzilla.suse.com/show_bug.cgi?id=1108145

https://bugzilla.suse.com/show_bug.cgi?id=1108240

https://bugzilla.suse.com/show_bug.cgi?id=1109272

https://bugzilla.suse.com/show_bug.cgi?id=1109330

https://bugzilla.suse.com/show_bug.cgi?id=1109695

https://bugzilla.suse.com/show_bug.cgi?id=1109806

https://bugzilla.suse.com/show_bug.cgi?id=1110286

https://bugzilla.suse.com/show_bug.cgi?id=1111062

https://bugzilla.suse.com/show_bug.cgi?id=1111174

https://bugzilla.suse.com/show_bug.cgi?id=1111809

https://bugzilla.suse.com/show_bug.cgi?id=1112246

https://bugzilla.suse.com/show_bug.cgi?id=1112963

https://bugzilla.suse.com/show_bug.cgi?id=1113412

https://bugzilla.suse.com/show_bug.cgi?id=1113766

https://bugzilla.suse.com/show_bug.cgi?id=1114190

https://bugzilla.suse.com/show_bug.cgi?id=1114417

https://bugzilla.suse.com/show_bug.cgi?id=1114475

https://bugzilla.suse.com/show_bug.cgi?id=1114648

https://bugzilla.suse.com/show_bug.cgi?id=1114763

https://bugzilla.suse.com/show_bug.cgi?id=1114839

https://bugzilla.suse.com/show_bug.cgi?id=1114871

https://bugzilla.suse.com/show_bug.cgi?id=1114893

https://bugzilla.suse.com/show_bug.cgi?id=1115431

https://bugzilla.suse.com/show_bug.cgi?id=1115433

https://bugzilla.suse.com/show_bug.cgi?id=1115440

https://bugzilla.suse.com/show_bug.cgi?id=1115482

https://bugzilla.suse.com/show_bug.cgi?id=1115709

https://bugzilla.suse.com/show_bug.cgi?id=1116027

https://bugzilla.suse.com/show_bug.cgi?id=1116183

https://bugzilla.suse.com/show_bug.cgi?id=1116285

https://bugzilla.suse.com/show_bug.cgi?id=1116336

https://bugzilla.suse.com/show_bug.cgi?id=1116345

https://bugzilla.suse.com/show_bug.cgi?id=1116497

https://bugzilla.suse.com/show_bug.cgi?id=1116653

https://bugzilla.suse.com/show_bug.cgi?id=1116841

https://bugzilla.suse.com/show_bug.cgi?id=1116924

https://bugzilla.suse.com/show_bug.cgi?id=1116950

https://bugzilla.suse.com/show_bug.cgi?id=1116962

https://bugzilla.suse.com/show_bug.cgi?id=1117108

https://bugzilla.suse.com/show_bug.cgi?id=1117162

https://bugzilla.suse.com/show_bug.cgi?id=1117165

https://bugzilla.suse.com/show_bug.cgi?id=1117186

https://bugzilla.suse.com/show_bug.cgi?id=1117562

https://bugzilla.suse.com/show_bug.cgi?id=1117645

https://bugzilla.suse.com/show_bug.cgi?id=1117744

https://bugzilla.suse.com/show_bug.cgi?id=1118152

https://bugzilla.suse.com/show_bug.cgi?id=1118316

https://bugzilla.suse.com/show_bug.cgi?id=1118319

https://bugzilla.suse.com/show_bug.cgi?id=1118505

https://bugzilla.suse.com/show_bug.cgi?id=1118790

https://bugzilla.suse.com/show_bug.cgi?id=1118798

https://bugzilla.suse.com/show_bug.cgi?id=1118915

https://bugzilla.suse.com/show_bug.cgi?id=1118922

https://bugzilla.suse.com/show_bug.cgi?id=1118926

https://bugzilla.suse.com/show_bug.cgi?id=1118930

https://bugzilla.suse.com/show_bug.cgi?id=1118936

https://bugzilla.suse.com/show_bug.cgi?id=1119204

https://bugzilla.suse.com/show_bug.cgi?id=1119680

https://bugzilla.suse.com/show_bug.cgi?id=1119714

https://bugzilla.suse.com/show_bug.cgi?id=1119877

https://bugzilla.suse.com/show_bug.cgi?id=1119946

https://bugzilla.suse.com/show_bug.cgi?id=1119967

https://bugzilla.suse.com/show_bug.cgi?id=1119970

https://bugzilla.suse.com/show_bug.cgi?id=1120017

https://bugzilla.suse.com/show_bug.cgi?id=1120046

https://bugzilla.suse.com/show_bug.cgi?id=1120722

https://bugzilla.suse.com/show_bug.cgi?id=1120743

https://bugzilla.suse.com/show_bug.cgi?id=1120758

https://bugzilla.suse.com/show_bug.cgi?id=1120902

https://bugzilla.suse.com/show_bug.cgi?id=1120950

https://bugzilla.suse.com/show_bug.cgi?id=1121239

https://bugzilla.suse.com/show_bug.cgi?id=1121240

https://bugzilla.suse.com/show_bug.cgi?id=1121241

https://bugzilla.suse.com/show_bug.cgi?id=1121242

https://bugzilla.suse.com/show_bug.cgi?id=1121275

https://bugzilla.suse.com/show_bug.cgi?id=1121621

https://bugzilla.suse.com/show_bug.cgi?id=1121726

https://bugzilla.suse.com/show_bug.cgi?id=1122650

https://bugzilla.suse.com/show_bug.cgi?id=1122651

https://bugzilla.suse.com/show_bug.cgi?id=1122779

https://bugzilla.suse.com/show_bug.cgi?id=1122885

https://bugzilla.suse.com/show_bug.cgi?id=1123321

https://bugzilla.suse.com/show_bug.cgi?id=1123323

https://bugzilla.suse.com/show_bug.cgi?id=1123357

https://bugzilla.suse.com/show_bug.cgi?id=1123933

https://bugzilla.suse.com/show_bug.cgi?id=1124166

https://bugzilla.suse.com/show_bug.cgi?id=1124728

https://bugzilla.suse.com/show_bug.cgi?id=1124732

https://bugzilla.suse.com/show_bug.cgi?id=1124735

https://bugzilla.suse.com/show_bug.cgi?id=1124775

https://bugzilla.suse.com/show_bug.cgi?id=1124777

https://bugzilla.suse.com/show_bug.cgi?id=1124780

https://bugzilla.suse.com/show_bug.cgi?id=1124811

https://bugzilla.suse.com/show_bug.cgi?id=1125000

https://bugzilla.suse.com/show_bug.cgi?id=1125014

https://bugzilla.suse.com/show_bug.cgi?id=1125446

https://bugzilla.suse.com/show_bug.cgi?id=1125794

https://bugzilla.suse.com/show_bug.cgi?id=1125796

https://bugzilla.suse.com/show_bug.cgi?id=1125808

https://bugzilla.suse.com/show_bug.cgi?id=1125809

https://bugzilla.suse.com/show_bug.cgi?id=1125810

https://bugzilla.suse.com/show_bug.cgi?id=1125892

https://bugzilla.suse.com/show_bug.cgi?id=985031

https://www.suse.com/security/cve/CVE-2018-1120/

https://www.suse.com/security/cve/CVE-2018-16862/

https://www.suse.com/security/cve/CVE-2018-16884/

https://www.suse.com/security/cve/CVE-2018-19407/

https://www.suse.com/security/cve/CVE-2018-19824/

https://www.suse.com/security/cve/CVE-2018-19985/

https://www.suse.com/security/cve/CVE-2018-20169/

https://www.suse.com/security/cve/CVE-2018-5391/

https://www.suse.com/security/cve/CVE-2018-9568/

https://www.suse.com/security/cve/CVE-2019-3459/

https://www.suse.com/security/cve/CVE-2019-3460/

https://www.suse.com/security/cve/CVE-2019-6974/

https://www.suse.com/security/cve/CVE-2019-7221/

https://www.suse.com/security/cve/CVE-2019-7222/

http://www.nessus.org/u?3754f527

Plugin Details

Severity: High

ID: 122609

File Name: suse_SU-2019-0541-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2019/03/05

Updated: 2019/09/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/03/04

Vulnerability Publication Date: 2018/06/20

Reference Information

CVE: CVE-2018-1120, CVE-2018-16862, CVE-2018-16884, CVE-2018-19407, CVE-2018-19824, CVE-2018-19985, CVE-2018-20169, CVE-2018-5391, CVE-2018-9568, CVE-2019-3459, CVE-2019-3460, CVE-2019-6974, CVE-2019-7221, CVE-2019-7222