SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2414-1)

critical Nessus Plugin ID 129156



The remote SUSE host is missing one or more security updates.


The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following new features were implemented :

jsc#SLE-4875: [CML] New device IDs for CML

jsc#SLE-7294: Add cpufreq driver for Raspberry Pi

fate#321840: Reduce memory required to boot capture kernel while using fadump

fate#326869: perf: pmu mem_load/store event support

fate:327775: vpmem: DRAM backed persistent volumes for improved SAP HANA on POWER restart times

The following security bugs were fixed: CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code.

CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361).

CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape.

CVE-2019-15924: Fix a NULL pointer dereference because there was no

-ENOMEM upon an alloc_workqueue failure. (bsc#1149612).

CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed.
(bsc#1150025 CVE-2019-9456).

CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713)

CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free.

CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602)

CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591).

CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free.

CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539)

CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527)

CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522)

CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376)

CVE-2019-15666: There was an out-of-bounds array access in
__xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394).

CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524)

CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver.

CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093)

CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543).

CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378).

CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391).

CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678)

CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547).

CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory.

CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550)

CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.
(bsc#1146529, bsc#1146531)

CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.
(bsc#1051510 bsc#1146413)

CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425)

CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399)

CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285)

CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated. (bsc#1146163).

CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion.

CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920).

CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959).

CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 15:zypper in -t patch SUSE-SLE-Product-WE-15-2019-2414=1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2414=1

SUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-2414=1

SUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2414=1

SUSE Linux Enterprise Module for Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2414=1

SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2414=1

SUSE Linux Enterprise High Availability 15:zypper in -t patch SUSE-SLE-Product-HA-15-2019-2414=1

See Also

Plugin Details

Severity: Critical

ID: 129156

File Name: suse_SU-2019-2414-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 9/23/2019

Updated: 1/13/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource, p-cpe:/a:novell:suse_linux:kernel-obs-qa, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-vanilla-base, p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource, p-cpe:/a:novell:suse_linux:kselftests-kmp-default, p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/20/2019

Vulnerability Publication Date: 8/16/2019

Reference Information

CVE: CVE-2017-18551, CVE-2018-20976, CVE-2018-21008, CVE-2019-10207, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14835, CVE-2019-15030, CVE-2019-15031, CVE-2019-15090, CVE-2019-15098, CVE-2019-15117, CVE-2019-15118, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15217, CVE-2019-15218, CVE-2019-15219, CVE-2019-15220, CVE-2019-15221, CVE-2019-15222, CVE-2019-15239, CVE-2019-15290, CVE-2019-15292, CVE-2019-15538, CVE-2019-15666, CVE-2019-15902, CVE-2019-15917, CVE-2019-15919, CVE-2019-15920, CVE-2019-15921, CVE-2019-15924, CVE-2019-15926, CVE-2019-15927, CVE-2019-9456