SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1287-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

High Nessus Plugin ID 125282

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bug fixes.

Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)

CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)

CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)

CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)

CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel.

For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736

The following security bugs were fixed:

CVE-2018-1128: It was found that the cephx authentication protocol did not verify ceph clients correctly and was vulnerable to a replay attack. Any attacker having access to the ceph cluster network who is able to sniff packets on the network could use this vulnerability to authenticate with the ceph service and perform actions allowed by the ceph service. (bnc#1096748).

CVE-2018-1129: A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker having access to the ceph cluster network who is able to alter the message payload was able to bypass signature checks done by the cephx protocol. (bnc#1096748).

CVE-2016-8636: Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c allowed local users to cause a denial of service (memory corruption), obtain sensitive information or possibly have unspecified other impact via a write or read request involving the 'RDMA protocol over infiniband' (aka Soft RoCE) technology (bnc#1024908).

CVE-2017-18174: The amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free (bnc#1080533).

CVE-2018-1091: In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service (bnc#1087231).

CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which made a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bnc#1093158).

CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c has multiple race conditions (bnc#1133188).

CVE-2019-3882: A flaw was found in the vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS) (bsc#1131427).

CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).

CVE-2017-17741: The KVM implementation allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).

CVE-2019-9503, CVE-2019-8564: Multiple brcmfmac frame validation bypasses have been fixed (bnc#1132828, bnc#1132673).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively, you can run the command listed for your product:

SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-1287=1

SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-1287=1

SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-1287=1

SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-1287=1

SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-1287=1

SUSE Enterprise Storage 4: zypper in -t patch SUSE-Storage-4-2019-1287=1

OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1287=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1024908

https://bugzilla.suse.com/show_bug.cgi?id=1034113

https://bugzilla.suse.com/show_bug.cgi?id=1043485

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1073311

https://bugzilla.suse.com/show_bug.cgi?id=1080157

https://bugzilla.suse.com/show_bug.cgi?id=1080533

https://bugzilla.suse.com/show_bug.cgi?id=1082632

https://bugzilla.suse.com/show_bug.cgi?id=1087231

https://bugzilla.suse.com/show_bug.cgi?id=1087659

https://bugzilla.suse.com/show_bug.cgi?id=1087906

https://bugzilla.suse.com/show_bug.cgi?id=1093158

https://bugzilla.suse.com/show_bug.cgi?id=1094268

https://bugzilla.suse.com/show_bug.cgi?id=1096748

https://bugzilla.suse.com/show_bug.cgi?id=1100152

https://bugzilla.suse.com/show_bug.cgi?id=1103186

https://bugzilla.suse.com/show_bug.cgi?id=1106913

https://bugzilla.suse.com/show_bug.cgi?id=1109772

https://bugzilla.suse.com/show_bug.cgi?id=1111331

https://bugzilla.suse.com/show_bug.cgi?id=1112178

https://bugzilla.suse.com/show_bug.cgi?id=1113399

https://bugzilla.suse.com/show_bug.cgi?id=1116841

https://bugzilla.suse.com/show_bug.cgi?id=1118338

https://bugzilla.suse.com/show_bug.cgi?id=1119019

https://bugzilla.suse.com/show_bug.cgi?id=1122822

https://bugzilla.suse.com/show_bug.cgi?id=1124832

https://bugzilla.suse.com/show_bug.cgi?id=1125580

https://bugzilla.suse.com/show_bug.cgi?id=1129279

https://bugzilla.suse.com/show_bug.cgi?id=1131416

https://bugzilla.suse.com/show_bug.cgi?id=1131427

https://bugzilla.suse.com/show_bug.cgi?id=1131587

https://bugzilla.suse.com/show_bug.cgi?id=1132673

https://bugzilla.suse.com/show_bug.cgi?id=1132828

https://bugzilla.suse.com/show_bug.cgi?id=1133188

https://www.suse.com/security/cve/CVE-2016-8636/

https://www.suse.com/security/cve/CVE-2017-17741/

https://www.suse.com/security/cve/CVE-2017-18174/

https://www.suse.com/security/cve/CVE-2018-1091/

https://www.suse.com/security/cve/CVE-2018-1120/

https://www.suse.com/security/cve/CVE-2018-1128/

https://www.suse.com/security/cve/CVE-2018-1129/

https://www.suse.com/security/cve/CVE-2018-12126/

https://www.suse.com/security/cve/CVE-2018-12127/

https://www.suse.com/security/cve/CVE-2018-12130/

https://www.suse.com/security/cve/CVE-2018-19407/

https://www.suse.com/security/cve/CVE-2019-11091/

https://www.suse.com/security/cve/CVE-2019-11486/

https://www.suse.com/security/cve/CVE-2019-3882/

https://www.suse.com/security/cve/CVE-2019-8564/

https://www.suse.com/security/cve/CVE-2019-9503/

https://www.suse.com/support/kb/doc/?id=7023736

http://www.nessus.org/u?e4a87e55

Plugin Details

Severity: High

ID: 125282

File Name: suse_SU-2019-1287-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2019/05/20

Updated: 2019/05/29

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_109-default, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/05/17

Vulnerability Publication Date: 2017/02/22

Reference Information

CVE: CVE-2016-8636, CVE-2017-17741, CVE-2017-18174, CVE-2018-1091, CVE-2018-1120, CVE-2018-1128, CVE-2018-1129, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-19407, CVE-2019-11091, CVE-2019-11486, CVE-2019-3882, CVE-2019-8564, CVE-2019-9503