SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0560-1)

Critical Nessus Plugin ID 134289

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-8992: An issue was discovered in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bnc#1164069).

CVE-2020-8648: There was a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bnc#1162928).

CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c. It did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107).

CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109).

CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).

CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523).

CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518).

CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bnc#1157157).

CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bnc#1157155).

CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966).

CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026).

CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692).

CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195).

CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911).

CVE-2019-19927: A slab-out-of-bounds read access could have been caused when mounting a crafted f2fs filesystem image and performing some operations on it, in drivers/gpu/drm/ttm/ttm_page_alloc.c (bnc#1160147).

CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909).

CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910).

CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908).

CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841).

CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819).

CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021).

CVE-2019-19767: There were multiple use-after-free errors in
__ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297).

CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259).

CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303).

CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024).

CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954).

CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827).

CVE-2019-19537: There was a race condition bug that could be caused by a malicious USB character device, aka CID-303911cfc5b9. (bsc#1158904).

CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903).

CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900).

CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893).

CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834).

CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824).

CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823).

CVE-2019-15213: A use-after-free bug caused by a malicious USB device was found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544).

CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 15-SP1:zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-560=1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-560=1

SUSE Linux Enterprise Module for Live Patching 15-SP1:zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-560=1

SUSE Linux Enterprise Module for Legacy Software 15-SP1:zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-560=1

SUSE Linux Enterprise Module for Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-560=1

SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-560=1

SUSE Linux Enterprise High Availability 15-SP1:zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-560=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1046303

https://bugzilla.suse.com/show_bug.cgi?id=1050244

https://bugzilla.suse.com/show_bug.cgi?id=1050549

https://bugzilla.suse.com/show_bug.cgi?id=1051510

https://bugzilla.suse.com/show_bug.cgi?id=1051858

https://bugzilla.suse.com/show_bug.cgi?id=1061840

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065729

https://bugzilla.suse.com/show_bug.cgi?id=1071995

https://bugzilla.suse.com/show_bug.cgi?id=1083647

https://bugzilla.suse.com/show_bug.cgi?id=1085030

https://bugzilla.suse.com/show_bug.cgi?id=1086301

https://bugzilla.suse.com/show_bug.cgi?id=1086313

https://bugzilla.suse.com/show_bug.cgi?id=1086314

https://bugzilla.suse.com/show_bug.cgi?id=1088810

https://bugzilla.suse.com/show_bug.cgi?id=1090888

https://bugzilla.suse.com/show_bug.cgi?id=1103989

https://bugzilla.suse.com/show_bug.cgi?id=1103990

https://bugzilla.suse.com/show_bug.cgi?id=1103991

https://bugzilla.suse.com/show_bug.cgi?id=1104353

https://bugzilla.suse.com/show_bug.cgi?id=1104427

https://bugzilla.suse.com/show_bug.cgi?id=1104745

https://bugzilla.suse.com/show_bug.cgi?id=1105392

https://bugzilla.suse.com/show_bug.cgi?id=1109837

https://bugzilla.suse.com/show_bug.cgi?id=1111666

https://bugzilla.suse.com/show_bug.cgi?id=1112178

https://bugzilla.suse.com/show_bug.cgi?id=1112374

https://bugzilla.suse.com/show_bug.cgi?id=1112504

https://bugzilla.suse.com/show_bug.cgi?id=1113956

https://bugzilla.suse.com/show_bug.cgi?id=1114279

https://bugzilla.suse.com/show_bug.cgi?id=1114685

https://bugzilla.suse.com/show_bug.cgi?id=1115026

https://bugzilla.suse.com/show_bug.cgi?id=1118338

https://bugzilla.suse.com/show_bug.cgi?id=1118661

https://bugzilla.suse.com/show_bug.cgi?id=1123328

https://bugzilla.suse.com/show_bug.cgi?id=1126206

https://bugzilla.suse.com/show_bug.cgi?id=1127371

https://bugzilla.suse.com/show_bug.cgi?id=1127611

https://bugzilla.suse.com/show_bug.cgi?id=1127682

https://bugzilla.suse.com/show_bug.cgi?id=1129551

https://bugzilla.suse.com/show_bug.cgi?id=1129770

https://bugzilla.suse.com/show_bug.cgi?id=1133021

https://bugzilla.suse.com/show_bug.cgi?id=1133147

https://bugzilla.suse.com/show_bug.cgi?id=1134973

https://bugzilla.suse.com/show_bug.cgi?id=1140025

https://bugzilla.suse.com/show_bug.cgi?id=1142685

https://bugzilla.suse.com/show_bug.cgi?id=1143959

https://bugzilla.suse.com/show_bug.cgi?id=1144162

https://bugzilla.suse.com/show_bug.cgi?id=1144333

https://bugzilla.suse.com/show_bug.cgi?id=1146519

https://bugzilla.suse.com/show_bug.cgi?id=1146544

https://bugzilla.suse.com/show_bug.cgi?id=1151548

https://bugzilla.suse.com/show_bug.cgi?id=1151910

https://bugzilla.suse.com/show_bug.cgi?id=1151927

https://bugzilla.suse.com/show_bug.cgi?id=1152107

https://bugzilla.suse.com/show_bug.cgi?id=1152631

https://bugzilla.suse.com/show_bug.cgi?id=1153535

https://bugzilla.suse.com/show_bug.cgi?id=1153917

https://bugzilla.suse.com/show_bug.cgi?id=1154243

https://bugzilla.suse.com/show_bug.cgi?id=1154601

https://bugzilla.suse.com/show_bug.cgi?id=1154768

https://bugzilla.suse.com/show_bug.cgi?id=1154916

https://bugzilla.suse.com/show_bug.cgi?id=1155331

https://bugzilla.suse.com/show_bug.cgi?id=1155334

https://bugzilla.suse.com/show_bug.cgi?id=1155689

https://bugzilla.suse.com/show_bug.cgi?id=1156259

https://bugzilla.suse.com/show_bug.cgi?id=1156286

https://bugzilla.suse.com/show_bug.cgi?id=1156462

https://bugzilla.suse.com/show_bug.cgi?id=1157155

https://bugzilla.suse.com/show_bug.cgi?id=1157157

https://bugzilla.suse.com/show_bug.cgi?id=1157169

https://bugzilla.suse.com/show_bug.cgi?id=1157303

https://bugzilla.suse.com/show_bug.cgi?id=1157424

https://bugzilla.suse.com/show_bug.cgi?id=1157480

https://bugzilla.suse.com/show_bug.cgi?id=1157692

https://bugzilla.suse.com/show_bug.cgi?id=1157853

https://bugzilla.suse.com/show_bug.cgi?id=1157895

https://bugzilla.suse.com/show_bug.cgi?id=1157908

https://bugzilla.suse.com/show_bug.cgi?id=1157966

https://bugzilla.suse.com/show_bug.cgi?id=1158013

https://bugzilla.suse.com/show_bug.cgi?id=1158021

https://bugzilla.suse.com/show_bug.cgi?id=1158026

https://bugzilla.suse.com/show_bug.cgi?id=1158071

https://bugzilla.suse.com/show_bug.cgi?id=1158094

https://bugzilla.suse.com/show_bug.cgi?id=1158132

https://bugzilla.suse.com/show_bug.cgi?id=1158381

https://bugzilla.suse.com/show_bug.cgi?id=1158533

https://bugzilla.suse.com/show_bug.cgi?id=1158637

https://bugzilla.suse.com/show_bug.cgi?id=1158638

https://bugzilla.suse.com/show_bug.cgi?id=1158639

https://bugzilla.suse.com/show_bug.cgi?id=1158640

https://bugzilla.suse.com/show_bug.cgi?id=1158641

https://bugzilla.suse.com/show_bug.cgi?id=1158643

https://bugzilla.suse.com/show_bug.cgi?id=1158644

https://bugzilla.suse.com/show_bug.cgi?id=1158645

https://bugzilla.suse.com/show_bug.cgi?id=1158646

https://bugzilla.suse.com/show_bug.cgi?id=1158647

https://bugzilla.suse.com/show_bug.cgi?id=1158649

https://bugzilla.suse.com/show_bug.cgi?id=1158651

https://bugzilla.suse.com/show_bug.cgi?id=1158652

https://bugzilla.suse.com/show_bug.cgi?id=1158819

https://bugzilla.suse.com/show_bug.cgi?id=1158823

https://bugzilla.suse.com/show_bug.cgi?id=1158824

https://bugzilla.suse.com/show_bug.cgi?id=1158827

https://bugzilla.suse.com/show_bug.cgi?id=1158834

https://bugzilla.suse.com/show_bug.cgi?id=1158893

https://bugzilla.suse.com/show_bug.cgi?id=1158900

https://bugzilla.suse.com/show_bug.cgi?id=1158903

https://bugzilla.suse.com/show_bug.cgi?id=1158904

https://bugzilla.suse.com/show_bug.cgi?id=1158954

https://bugzilla.suse.com/show_bug.cgi?id=1159024

https://bugzilla.suse.com/show_bug.cgi?id=1159028

https://bugzilla.suse.com/show_bug.cgi?id=1159271

https://bugzilla.suse.com/show_bug.cgi?id=1159297

https://bugzilla.suse.com/show_bug.cgi?id=1159377

https://bugzilla.suse.com/show_bug.cgi?id=1159394

https://bugzilla.suse.com/show_bug.cgi?id=1159483

https://bugzilla.suse.com/show_bug.cgi?id=1159484

https://bugzilla.suse.com/show_bug.cgi?id=1159500

https://bugzilla.suse.com/show_bug.cgi?id=1159569

https://bugzilla.suse.com/show_bug.cgi?id=1159588

https://bugzilla.suse.com/show_bug.cgi?id=1159841

https://bugzilla.suse.com/show_bug.cgi?id=1159908

https://bugzilla.suse.com/show_bug.cgi?id=1159909

https://bugzilla.suse.com/show_bug.cgi?id=1159910

https://bugzilla.suse.com/show_bug.cgi?id=1159911

https://bugzilla.suse.com/show_bug.cgi?id=1159955

https://bugzilla.suse.com/show_bug.cgi?id=1160147

https://bugzilla.suse.com/show_bug.cgi?id=1160195

https://bugzilla.suse.com/show_bug.cgi?id=1160210

https://bugzilla.suse.com/show_bug.cgi?id=1160211

https://bugzilla.suse.com/show_bug.cgi?id=1160218

https://bugzilla.suse.com/show_bug.cgi?id=1160433

https://bugzilla.suse.com/show_bug.cgi?id=1160442

https://bugzilla.suse.com/show_bug.cgi?id=1160469

https://bugzilla.suse.com/show_bug.cgi?id=1160470

https://bugzilla.suse.com/show_bug.cgi?id=1160476

https://bugzilla.suse.com/show_bug.cgi?id=1160560

https://bugzilla.suse.com/show_bug.cgi?id=1160618

https://bugzilla.suse.com/show_bug.cgi?id=1160678

https://bugzilla.suse.com/show_bug.cgi?id=1160755

https://bugzilla.suse.com/show_bug.cgi?id=1160756

https://bugzilla.suse.com/show_bug.cgi?id=1160784

https://bugzilla.suse.com/show_bug.cgi?id=1160787

https://bugzilla.suse.com/show_bug.cgi?id=1160802

https://bugzilla.suse.com/show_bug.cgi?id=1160803

https://bugzilla.suse.com/show_bug.cgi?id=1160804

https://bugzilla.suse.com/show_bug.cgi?id=1160917

https://bugzilla.suse.com/show_bug.cgi?id=1160966

https://bugzilla.suse.com/show_bug.cgi?id=1160979

https://bugzilla.suse.com/show_bug.cgi?id=1161087

https://bugzilla.suse.com/show_bug.cgi?id=1161243

https://bugzilla.suse.com/show_bug.cgi?id=1161360

https://bugzilla.suse.com/show_bug.cgi?id=1161472

https://bugzilla.suse.com/show_bug.cgi?id=1161514

https://bugzilla.suse.com/show_bug.cgi?id=1161518

https://bugzilla.suse.com/show_bug.cgi?id=1161522

https://bugzilla.suse.com/show_bug.cgi?id=1161523

https://bugzilla.suse.com/show_bug.cgi?id=1161549

https://bugzilla.suse.com/show_bug.cgi?id=1161552

https://bugzilla.suse.com/show_bug.cgi?id=1161674

https://bugzilla.suse.com/show_bug.cgi?id=1161702

https://bugzilla.suse.com/show_bug.cgi?id=1161907

https://bugzilla.suse.com/show_bug.cgi?id=1161931

https://bugzilla.suse.com/show_bug.cgi?id=1161933

https://bugzilla.suse.com/show_bug.cgi?id=1161934

https://bugzilla.suse.com/show_bug.cgi?id=1161935

https://bugzilla.suse.com/show_bug.cgi?id=1161936

https://bugzilla.suse.com/show_bug.cgi?id=1161937

https://bugzilla.suse.com/show_bug.cgi?id=1162028

https://bugzilla.suse.com/show_bug.cgi?id=1162067

https://bugzilla.suse.com/show_bug.cgi?id=1162109

https://bugzilla.suse.com/show_bug.cgi?id=1162139

https://bugzilla.suse.com/show_bug.cgi?id=1162557

https://bugzilla.suse.com/show_bug.cgi?id=1162617

https://bugzilla.suse.com/show_bug.cgi?id=1162618

https://bugzilla.suse.com/show_bug.cgi?id=1162619

https://bugzilla.suse.com/show_bug.cgi?id=1162623

https://bugzilla.suse.com/show_bug.cgi?id=1162928

https://bugzilla.suse.com/show_bug.cgi?id=1162943

https://bugzilla.suse.com/show_bug.cgi?id=1163206

https://bugzilla.suse.com/show_bug.cgi?id=1163383

https://bugzilla.suse.com/show_bug.cgi?id=1163384

https://bugzilla.suse.com/show_bug.cgi?id=1163762

https://bugzilla.suse.com/show_bug.cgi?id=1163774

https://bugzilla.suse.com/show_bug.cgi?id=1163836

https://bugzilla.suse.com/show_bug.cgi?id=1163840

https://bugzilla.suse.com/show_bug.cgi?id=1163841

https://bugzilla.suse.com/show_bug.cgi?id=1163842

https://bugzilla.suse.com/show_bug.cgi?id=1163843

https://bugzilla.suse.com/show_bug.cgi?id=1163844

https://bugzilla.suse.com/show_bug.cgi?id=1163845

https://bugzilla.suse.com/show_bug.cgi?id=1163846

https://bugzilla.suse.com/show_bug.cgi?id=1163849

https://bugzilla.suse.com/show_bug.cgi?id=1163850

https://bugzilla.suse.com/show_bug.cgi?id=1163851

https://bugzilla.suse.com/show_bug.cgi?id=1163852

https://bugzilla.suse.com/show_bug.cgi?id=1163853

https://bugzilla.suse.com/show_bug.cgi?id=1163855

https://bugzilla.suse.com/show_bug.cgi?id=1163856

https://bugzilla.suse.com/show_bug.cgi?id=1163857

https://bugzilla.suse.com/show_bug.cgi?id=1163858

https://bugzilla.suse.com/show_bug.cgi?id=1163859

https://bugzilla.suse.com/show_bug.cgi?id=1163860

https://bugzilla.suse.com/show_bug.cgi?id=1163861

https://bugzilla.suse.com/show_bug.cgi?id=1163862

https://bugzilla.suse.com/show_bug.cgi?id=1163863

https://bugzilla.suse.com/show_bug.cgi?id=1163867

https://bugzilla.suse.com/show_bug.cgi?id=1163869

https://bugzilla.suse.com/show_bug.cgi?id=1163880

https://bugzilla.suse.com/show_bug.cgi?id=1163971

https://bugzilla.suse.com/show_bug.cgi?id=1164051

https://bugzilla.suse.com/show_bug.cgi?id=1164069

https://bugzilla.suse.com/show_bug.cgi?id=1164098

https://bugzilla.suse.com/show_bug.cgi?id=1164115

https://bugzilla.suse.com/show_bug.cgi?id=1164314

https://bugzilla.suse.com/show_bug.cgi?id=1164315

https://bugzilla.suse.com/show_bug.cgi?id=1164388

https://bugzilla.suse.com/show_bug.cgi?id=1164471

https://bugzilla.suse.com/show_bug.cgi?id=1164598

https://bugzilla.suse.com/show_bug.cgi?id=1164632

https://bugzilla.suse.com/show_bug.cgi?id=1164705

https://bugzilla.suse.com/show_bug.cgi?id=1164712

https://bugzilla.suse.com/show_bug.cgi?id=1164727

https://bugzilla.suse.com/show_bug.cgi?id=1164728

https://bugzilla.suse.com/show_bug.cgi?id=1164729

https://bugzilla.suse.com/show_bug.cgi?id=1164730

https://bugzilla.suse.com/show_bug.cgi?id=1164731

https://bugzilla.suse.com/show_bug.cgi?id=1164732

https://bugzilla.suse.com/show_bug.cgi?id=1164733

https://bugzilla.suse.com/show_bug.cgi?id=1164734

https://bugzilla.suse.com/show_bug.cgi?id=1164735

https://www.suse.com/security/cve/CVE-2019-14615/

https://www.suse.com/security/cve/CVE-2019-14896/

https://www.suse.com/security/cve/CVE-2019-14897/

https://www.suse.com/security/cve/CVE-2019-15213/

https://www.suse.com/security/cve/CVE-2019-16746/

https://www.suse.com/security/cve/CVE-2019-16994/

https://www.suse.com/security/cve/CVE-2019-18808/

https://www.suse.com/security/cve/CVE-2019-19036/

https://www.suse.com/security/cve/CVE-2019-19045/

https://www.suse.com/security/cve/CVE-2019-19051/

https://www.suse.com/security/cve/CVE-2019-19054/

https://www.suse.com/security/cve/CVE-2019-19066/

https://www.suse.com/security/cve/CVE-2019-19318/

https://www.suse.com/security/cve/CVE-2019-19319/

https://www.suse.com/security/cve/CVE-2019-19332/

https://www.suse.com/security/cve/CVE-2019-19338/

https://www.suse.com/security/cve/CVE-2019-19447/

https://www.suse.com/security/cve/CVE-2019-19523/

https://www.suse.com/security/cve/CVE-2019-19526/

https://www.suse.com/security/cve/CVE-2019-19527/

https://www.suse.com/security/cve/CVE-2019-19532/

https://www.suse.com/security/cve/CVE-2019-19533/

https://www.suse.com/security/cve/CVE-2019-19535/

https://www.suse.com/security/cve/CVE-2019-19537/

https://www.suse.com/security/cve/CVE-2019-19767/

https://www.suse.com/security/cve/CVE-2019-19927/

https://www.suse.com/security/cve/CVE-2019-19965/

https://www.suse.com/security/cve/CVE-2019-19966/

https://www.suse.com/security/cve/CVE-2019-20054/

https://www.suse.com/security/cve/CVE-2019-20095/

https://www.suse.com/security/cve/CVE-2019-20096/

https://www.suse.com/security/cve/CVE-2020-2732/

https://www.suse.com/security/cve/CVE-2020-7053/

https://www.suse.com/security/cve/CVE-2020-8428/

https://www.suse.com/security/cve/CVE-2020-8648/

https://www.suse.com/security/cve/CVE-2020-8992/

http://www.nessus.org/u?d073b639

Plugin Details

Severity: Critical

ID: 134289

File Name: suse_SU-2020-0560-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2020/03/06

Updated: 2020/03/10

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 6.7

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-debug, p-cpe:/a:novell:suse_linux:kernel-debug-base, p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo, p-cpe:/a:novell:suse_linux:kernel-debug-debugsource, p-cpe:/a:novell:suse_linux:kernel-debug-devel, p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-kvmsmall, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource, p-cpe:/a:novell:suse_linux:kernel-obs-qa, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-vanilla, p-cpe:/a:novell:suse_linux:kernel-vanilla-base, p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource, p-cpe:/a:novell:suse_linux:kernel-vanilla-devel, p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man, p-cpe:/a:novell:suse_linux:kselftests-kmp-default, p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/03/02

Vulnerability Publication Date: 2019/08/19

Reference Information

CVE: CVE-2019-14615, CVE-2019-14896, CVE-2019-14897, CVE-2019-15213, CVE-2019-16746, CVE-2019-16994, CVE-2019-18808, CVE-2019-19036, CVE-2019-19045, CVE-2019-19051, CVE-2019-19054, CVE-2019-19066, CVE-2019-19318, CVE-2019-19319, CVE-2019-19332, CVE-2019-19338, CVE-2019-19447, CVE-2019-19523, CVE-2019-19526, CVE-2019-19527, CVE-2019-19532, CVE-2019-19533, CVE-2019-19535, CVE-2019-19537, CVE-2019-19767, CVE-2019-19927, CVE-2019-19965, CVE-2019-19966, CVE-2019-20054, CVE-2019-20095, CVE-2019-20096, CVE-2020-2732, CVE-2020-7053, CVE-2020-8428, CVE-2020-8648, CVE-2020-8992