openSUSE Security Update : the Linux Kernel (openSUSE-2019-1571) (SACK Panic) (SACK Slowness)

High Nessus Plugin ID 126059

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE Leap 15.1 was updated to receive various security and bugfixes.

The following security bugs were fixed :

- CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic.
(bsc#1137586).

- CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586)

- CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.
(bsc#1137586)

- CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291).

- CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293).

- CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability. (bnc#1136922)

- CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures (bnc#1136598).

- CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424).

- CVE-2019-10124: An attacker could exploit an issue in the hwpoison implementation to cause a denial of service (BUG). (bsc#1130699)

- CVE-2019-12382: In the drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1136586).

- CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bnc#1133190).

Solution

Update the affected the Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1012382

https://bugzilla.opensuse.org/show_bug.cgi?id=1050242

https://bugzilla.opensuse.org/show_bug.cgi?id=1051510

https://bugzilla.opensuse.org/show_bug.cgi?id=1053043

https://bugzilla.opensuse.org/show_bug.cgi?id=1056787

https://bugzilla.opensuse.org/show_bug.cgi?id=1058115

https://bugzilla.opensuse.org/show_bug.cgi?id=1061840

https://bugzilla.opensuse.org/show_bug.cgi?id=1064802

https://bugzilla.opensuse.org/show_bug.cgi?id=1065600

https://bugzilla.opensuse.org/show_bug.cgi?id=1065729

https://bugzilla.opensuse.org/show_bug.cgi?id=1066129

https://bugzilla.opensuse.org/show_bug.cgi?id=1068546

https://bugzilla.opensuse.org/show_bug.cgi?id=1071995

https://bugzilla.opensuse.org/show_bug.cgi?id=1075020

https://bugzilla.opensuse.org/show_bug.cgi?id=1082387

https://bugzilla.opensuse.org/show_bug.cgi?id=1083647

https://bugzilla.opensuse.org/show_bug.cgi?id=1085535

https://bugzilla.opensuse.org/show_bug.cgi?id=1093389

https://bugzilla.opensuse.org/show_bug.cgi?id=1099658

https://bugzilla.opensuse.org/show_bug.cgi?id=1103992

https://bugzilla.opensuse.org/show_bug.cgi?id=1104353

https://bugzilla.opensuse.org/show_bug.cgi?id=1104427

https://bugzilla.opensuse.org/show_bug.cgi?id=1111666

https://bugzilla.opensuse.org/show_bug.cgi?id=1111696

https://bugzilla.opensuse.org/show_bug.cgi?id=1113722

https://bugzilla.opensuse.org/show_bug.cgi?id=1115688

https://bugzilla.opensuse.org/show_bug.cgi?id=1117114

https://bugzilla.opensuse.org/show_bug.cgi?id=1117158

https://bugzilla.opensuse.org/show_bug.cgi?id=1117561

https://bugzilla.opensuse.org/show_bug.cgi?id=1118139

https://bugzilla.opensuse.org/show_bug.cgi?id=1120091

https://bugzilla.opensuse.org/show_bug.cgi?id=1120423

https://bugzilla.opensuse.org/show_bug.cgi?id=1120566

https://bugzilla.opensuse.org/show_bug.cgi?id=1120902

https://bugzilla.opensuse.org/show_bug.cgi?id=1124503

https://bugzilla.opensuse.org/show_bug.cgi?id=1126206

https://bugzilla.opensuse.org/show_bug.cgi?id=1126356

https://bugzilla.opensuse.org/show_bug.cgi?id=1127616

https://bugzilla.opensuse.org/show_bug.cgi?id=1128432

https://bugzilla.opensuse.org/show_bug.cgi?id=1130699

https://bugzilla.opensuse.org/show_bug.cgi?id=1131673

https://bugzilla.opensuse.org/show_bug.cgi?id=1133190

https://bugzilla.opensuse.org/show_bug.cgi?id=1133612

https://bugzilla.opensuse.org/show_bug.cgi?id=1133616

https://bugzilla.opensuse.org/show_bug.cgi?id=1134090

https://bugzilla.opensuse.org/show_bug.cgi?id=1134671

https://bugzilla.opensuse.org/show_bug.cgi?id=1134730

https://bugzilla.opensuse.org/show_bug.cgi?id=1134738

https://bugzilla.opensuse.org/show_bug.cgi?id=1134743

https://bugzilla.opensuse.org/show_bug.cgi?id=1134806

https://bugzilla.opensuse.org/show_bug.cgi?id=1134936

https://bugzilla.opensuse.org/show_bug.cgi?id=1134945

https://bugzilla.opensuse.org/show_bug.cgi?id=1134946

https://bugzilla.opensuse.org/show_bug.cgi?id=1134947

https://bugzilla.opensuse.org/show_bug.cgi?id=1134948

https://bugzilla.opensuse.org/show_bug.cgi?id=1134949

https://bugzilla.opensuse.org/show_bug.cgi?id=1134950

https://bugzilla.opensuse.org/show_bug.cgi?id=1134951

https://bugzilla.opensuse.org/show_bug.cgi?id=1134952

https://bugzilla.opensuse.org/show_bug.cgi?id=1134953

https://bugzilla.opensuse.org/show_bug.cgi?id=1134972

https://bugzilla.opensuse.org/show_bug.cgi?id=1134974

https://bugzilla.opensuse.org/show_bug.cgi?id=1134975

https://bugzilla.opensuse.org/show_bug.cgi?id=1134980

https://bugzilla.opensuse.org/show_bug.cgi?id=1134981

https://bugzilla.opensuse.org/show_bug.cgi?id=1134983

https://bugzilla.opensuse.org/show_bug.cgi?id=1134987

https://bugzilla.opensuse.org/show_bug.cgi?id=1134989

https://bugzilla.opensuse.org/show_bug.cgi?id=1134990

https://bugzilla.opensuse.org/show_bug.cgi?id=1134994

https://bugzilla.opensuse.org/show_bug.cgi?id=1134995

https://bugzilla.opensuse.org/show_bug.cgi?id=1134998

https://bugzilla.opensuse.org/show_bug.cgi?id=1134999

https://bugzilla.opensuse.org/show_bug.cgi?id=1135018

https://bugzilla.opensuse.org/show_bug.cgi?id=1135021

https://bugzilla.opensuse.org/show_bug.cgi?id=1135024

https://bugzilla.opensuse.org/show_bug.cgi?id=1135026

https://bugzilla.opensuse.org/show_bug.cgi?id=1135027

https://bugzilla.opensuse.org/show_bug.cgi?id=1135028

https://bugzilla.opensuse.org/show_bug.cgi?id=1135029

https://bugzilla.opensuse.org/show_bug.cgi?id=1135031

https://bugzilla.opensuse.org/show_bug.cgi?id=1135033

https://bugzilla.opensuse.org/show_bug.cgi?id=1135034

https://bugzilla.opensuse.org/show_bug.cgi?id=1135035

https://bugzilla.opensuse.org/show_bug.cgi?id=1135036

https://bugzilla.opensuse.org/show_bug.cgi?id=1135037

https://bugzilla.opensuse.org/show_bug.cgi?id=1135038

https://bugzilla.opensuse.org/show_bug.cgi?id=1135039

https://bugzilla.opensuse.org/show_bug.cgi?id=1135041

https://bugzilla.opensuse.org/show_bug.cgi?id=1135042

https://bugzilla.opensuse.org/show_bug.cgi?id=1135044

https://bugzilla.opensuse.org/show_bug.cgi?id=1135045

https://bugzilla.opensuse.org/show_bug.cgi?id=1135046

https://bugzilla.opensuse.org/show_bug.cgi?id=1135047

https://bugzilla.opensuse.org/show_bug.cgi?id=1135049

https://bugzilla.opensuse.org/show_bug.cgi?id=1135051

https://bugzilla.opensuse.org/show_bug.cgi?id=1135052

https://bugzilla.opensuse.org/show_bug.cgi?id=1135053

https://bugzilla.opensuse.org/show_bug.cgi?id=1135055

https://bugzilla.opensuse.org/show_bug.cgi?id=1135056

https://bugzilla.opensuse.org/show_bug.cgi?id=1135058

https://bugzilla.opensuse.org/show_bug.cgi?id=1135153

https://bugzilla.opensuse.org/show_bug.cgi?id=1135542

https://bugzilla.opensuse.org/show_bug.cgi?id=1135556

https://bugzilla.opensuse.org/show_bug.cgi?id=1135642

https://bugzilla.opensuse.org/show_bug.cgi?id=1135661

https://bugzilla.opensuse.org/show_bug.cgi?id=1136188

https://bugzilla.opensuse.org/show_bug.cgi?id=1136206

https://bugzilla.opensuse.org/show_bug.cgi?id=1136215

https://bugzilla.opensuse.org/show_bug.cgi?id=1136345

https://bugzilla.opensuse.org/show_bug.cgi?id=1136347

https://bugzilla.opensuse.org/show_bug.cgi?id=1136348

https://bugzilla.opensuse.org/show_bug.cgi?id=1136353

https://bugzilla.opensuse.org/show_bug.cgi?id=1136424

https://bugzilla.opensuse.org/show_bug.cgi?id=1136428

https://bugzilla.opensuse.org/show_bug.cgi?id=1136430

https://bugzilla.opensuse.org/show_bug.cgi?id=1136432

https://bugzilla.opensuse.org/show_bug.cgi?id=1136434

https://bugzilla.opensuse.org/show_bug.cgi?id=1136435

https://bugzilla.opensuse.org/show_bug.cgi?id=1136438

https://bugzilla.opensuse.org/show_bug.cgi?id=1136439

https://bugzilla.opensuse.org/show_bug.cgi?id=1136456

https://bugzilla.opensuse.org/show_bug.cgi?id=1136460

https://bugzilla.opensuse.org/show_bug.cgi?id=1136461

https://bugzilla.opensuse.org/show_bug.cgi?id=1136469

https://bugzilla.opensuse.org/show_bug.cgi?id=1136477

https://bugzilla.opensuse.org/show_bug.cgi?id=1136478

https://bugzilla.opensuse.org/show_bug.cgi?id=1136498

https://bugzilla.opensuse.org/show_bug.cgi?id=1136573

https://bugzilla.opensuse.org/show_bug.cgi?id=1136586

https://bugzilla.opensuse.org/show_bug.cgi?id=1136598

https://bugzilla.opensuse.org/show_bug.cgi?id=1136881

https://bugzilla.opensuse.org/show_bug.cgi?id=1136922

https://bugzilla.opensuse.org/show_bug.cgi?id=1136935

https://bugzilla.opensuse.org/show_bug.cgi?id=1136978

https://bugzilla.opensuse.org/show_bug.cgi?id=1136990

https://bugzilla.opensuse.org/show_bug.cgi?id=1137151

https://bugzilla.opensuse.org/show_bug.cgi?id=1137152

https://bugzilla.opensuse.org/show_bug.cgi?id=1137153

https://bugzilla.opensuse.org/show_bug.cgi?id=1137162

https://bugzilla.opensuse.org/show_bug.cgi?id=1137201

https://bugzilla.opensuse.org/show_bug.cgi?id=1137224

https://bugzilla.opensuse.org/show_bug.cgi?id=1137232

https://bugzilla.opensuse.org/show_bug.cgi?id=1137233

https://bugzilla.opensuse.org/show_bug.cgi?id=1137236

https://bugzilla.opensuse.org/show_bug.cgi?id=1137372

https://bugzilla.opensuse.org/show_bug.cgi?id=1137429

https://bugzilla.opensuse.org/show_bug.cgi?id=1137444

https://bugzilla.opensuse.org/show_bug.cgi?id=1137586

https://bugzilla.opensuse.org/show_bug.cgi?id=1137739

https://bugzilla.opensuse.org/show_bug.cgi?id=1137752

https://bugzilla.opensuse.org/show_bug.cgi?id=1137995

https://bugzilla.opensuse.org/show_bug.cgi?id=1137996

https://bugzilla.opensuse.org/show_bug.cgi?id=1137998

https://bugzilla.opensuse.org/show_bug.cgi?id=1137999

https://bugzilla.opensuse.org/show_bug.cgi?id=1138000

https://bugzilla.opensuse.org/show_bug.cgi?id=1138002

https://bugzilla.opensuse.org/show_bug.cgi?id=1138003

https://bugzilla.opensuse.org/show_bug.cgi?id=1138005

https://bugzilla.opensuse.org/show_bug.cgi?id=1138006

https://bugzilla.opensuse.org/show_bug.cgi?id=1138007

https://bugzilla.opensuse.org/show_bug.cgi?id=1138008

https://bugzilla.opensuse.org/show_bug.cgi?id=1138009

https://bugzilla.opensuse.org/show_bug.cgi?id=1138010

https://bugzilla.opensuse.org/show_bug.cgi?id=1138011

https://bugzilla.opensuse.org/show_bug.cgi?id=1138012

https://bugzilla.opensuse.org/show_bug.cgi?id=1138013

https://bugzilla.opensuse.org/show_bug.cgi?id=1138014

https://bugzilla.opensuse.org/show_bug.cgi?id=1138015

https://bugzilla.opensuse.org/show_bug.cgi?id=1138016

https://bugzilla.opensuse.org/show_bug.cgi?id=1138017

https://bugzilla.opensuse.org/show_bug.cgi?id=1138018

https://bugzilla.opensuse.org/show_bug.cgi?id=1138019

https://bugzilla.opensuse.org/show_bug.cgi?id=1138291

https://bugzilla.opensuse.org/show_bug.cgi?id=1138293

https://bugzilla.opensuse.org/show_bug.cgi?id=1138336

https://bugzilla.opensuse.org/show_bug.cgi?id=1138374

https://bugzilla.opensuse.org/show_bug.cgi?id=1138375

Plugin Details

Severity: High

ID: 126059

File Name: openSUSE-2019-1571.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2019/06/20

Updated: 2020/01/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-kvmsmall, p-cpe:/a:novell:opensuse:kernel-kvmsmall-base, p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo, p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource, p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel, p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/06/18

Vulnerability Publication Date: 2019/03/27

Reference Information

CVE: CVE-2019-10124, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-11487, CVE-2019-12380, CVE-2019-12382, CVE-2019-12456, CVE-2019-12818, CVE-2019-12819, CVE-2019-3846