SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0688-1)

Low Nessus Plugin ID 134624

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 15-SP1 kernel-RT was updated to 4.12.14 to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-8992: Fixed an issue in ext4_protect_reserved_inode in fs/ext4/block_validity.c that allowed attackers to cause a soft lockup via a crafted journal size (bsc#1164069).

CVE-2020-8648: Fixed a use-after-free vulnerability in the n_tty_receive_buf_common function in drivers/tty/n_tty.c (bsc#1162928).

CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources (bsc#1163971).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Realtime 15-SP1:zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-688=1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-688=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1050549

https://bugzilla.suse.com/show_bug.cgi?id=1051510

https://bugzilla.suse.com/show_bug.cgi?id=1061840

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065729

https://bugzilla.suse.com/show_bug.cgi?id=1071995

https://bugzilla.suse.com/show_bug.cgi?id=1088810

https://bugzilla.suse.com/show_bug.cgi?id=1105392

https://bugzilla.suse.com/show_bug.cgi?id=1111666

https://bugzilla.suse.com/show_bug.cgi?id=1112178

https://bugzilla.suse.com/show_bug.cgi?id=1112504

https://bugzilla.suse.com/show_bug.cgi?id=1114279

https://bugzilla.suse.com/show_bug.cgi?id=1118338

https://bugzilla.suse.com/show_bug.cgi?id=1133021

https://bugzilla.suse.com/show_bug.cgi?id=1133147

https://bugzilla.suse.com/show_bug.cgi?id=1140025

https://bugzilla.suse.com/show_bug.cgi?id=1142685

https://bugzilla.suse.com/show_bug.cgi?id=1144162

https://bugzilla.suse.com/show_bug.cgi?id=1157424

https://bugzilla.suse.com/show_bug.cgi?id=1157480

https://bugzilla.suse.com/show_bug.cgi?id=1157966

https://bugzilla.suse.com/show_bug.cgi?id=1158013

https://bugzilla.suse.com/show_bug.cgi?id=1159271

https://bugzilla.suse.com/show_bug.cgi?id=1160218

https://bugzilla.suse.com/show_bug.cgi?id=1160979

https://bugzilla.suse.com/show_bug.cgi?id=1161360

https://bugzilla.suse.com/show_bug.cgi?id=1161702

https://bugzilla.suse.com/show_bug.cgi?id=1161907

https://bugzilla.suse.com/show_bug.cgi?id=1162557

https://bugzilla.suse.com/show_bug.cgi?id=1162617

https://bugzilla.suse.com/show_bug.cgi?id=1162618

https://bugzilla.suse.com/show_bug.cgi?id=1162619

https://bugzilla.suse.com/show_bug.cgi?id=1162623

https://bugzilla.suse.com/show_bug.cgi?id=1162928

https://bugzilla.suse.com/show_bug.cgi?id=1162943

https://bugzilla.suse.com/show_bug.cgi?id=1163206

https://bugzilla.suse.com/show_bug.cgi?id=1163383

https://bugzilla.suse.com/show_bug.cgi?id=1163384

https://bugzilla.suse.com/show_bug.cgi?id=1163762

https://bugzilla.suse.com/show_bug.cgi?id=1163774

https://bugzilla.suse.com/show_bug.cgi?id=1163836

https://bugzilla.suse.com/show_bug.cgi?id=1163840

https://bugzilla.suse.com/show_bug.cgi?id=1163841

https://bugzilla.suse.com/show_bug.cgi?id=1163842

https://bugzilla.suse.com/show_bug.cgi?id=1163843

https://bugzilla.suse.com/show_bug.cgi?id=1163844

https://bugzilla.suse.com/show_bug.cgi?id=1163845

https://bugzilla.suse.com/show_bug.cgi?id=1163846

https://bugzilla.suse.com/show_bug.cgi?id=1163849

https://bugzilla.suse.com/show_bug.cgi?id=1163850

https://bugzilla.suse.com/show_bug.cgi?id=1163851

https://bugzilla.suse.com/show_bug.cgi?id=1163852

https://bugzilla.suse.com/show_bug.cgi?id=1163853

https://bugzilla.suse.com/show_bug.cgi?id=1163855

https://bugzilla.suse.com/show_bug.cgi?id=1163856

https://bugzilla.suse.com/show_bug.cgi?id=1163857

https://bugzilla.suse.com/show_bug.cgi?id=1163858

https://bugzilla.suse.com/show_bug.cgi?id=1163859

https://bugzilla.suse.com/show_bug.cgi?id=1163860

https://bugzilla.suse.com/show_bug.cgi?id=1163861

https://bugzilla.suse.com/show_bug.cgi?id=1163862

https://bugzilla.suse.com/show_bug.cgi?id=1163863

https://bugzilla.suse.com/show_bug.cgi?id=1163867

https://bugzilla.suse.com/show_bug.cgi?id=1163869

https://bugzilla.suse.com/show_bug.cgi?id=1163880

https://bugzilla.suse.com/show_bug.cgi?id=1163971

https://bugzilla.suse.com/show_bug.cgi?id=1164051

https://bugzilla.suse.com/show_bug.cgi?id=1164069

https://bugzilla.suse.com/show_bug.cgi?id=1164098

https://bugzilla.suse.com/show_bug.cgi?id=1164115

https://bugzilla.suse.com/show_bug.cgi?id=1164314

https://bugzilla.suse.com/show_bug.cgi?id=1164315

https://bugzilla.suse.com/show_bug.cgi?id=1164388

https://bugzilla.suse.com/show_bug.cgi?id=1164471

https://bugzilla.suse.com/show_bug.cgi?id=1164598

https://bugzilla.suse.com/show_bug.cgi?id=1164632

https://bugzilla.suse.com/show_bug.cgi?id=1164705

https://bugzilla.suse.com/show_bug.cgi?id=1164712

https://bugzilla.suse.com/show_bug.cgi?id=1164727

https://bugzilla.suse.com/show_bug.cgi?id=1164728

https://bugzilla.suse.com/show_bug.cgi?id=1164729

https://bugzilla.suse.com/show_bug.cgi?id=1164730

https://bugzilla.suse.com/show_bug.cgi?id=1164731

https://bugzilla.suse.com/show_bug.cgi?id=1164732

https://bugzilla.suse.com/show_bug.cgi?id=1164733

https://bugzilla.suse.com/show_bug.cgi?id=1164734

https://bugzilla.suse.com/show_bug.cgi?id=1164735

https://www.suse.com/security/cve/CVE-2020-2732/

https://www.suse.com/security/cve/CVE-2020-8648/

https://www.suse.com/security/cve/CVE-2020-8992/

http://www.nessus.org/u?e06145ac

Plugin Details

Severity: Low

ID: 134624

File Name: suse_SU-2020-0688-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2020/03/16

Updated: 2020/03/18

Dependencies: 12634

Risk Information

Risk Factor: Low

CVSS Score Source: CVE-2020-8648

CVSS v2.0

Base Score: 3.6

Temporal Score: 2.7

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug, p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-debugsource, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-extra, p-cpe:/a:novell:suse_linux:kernel-rt-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt_debug-base, p-cpe:/a:novell:suse_linux:kernel-rt_debug-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra, p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:kselftests-kmp-rt, p-cpe:/a:novell:suse_linux:kselftests-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug, p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt, p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug, p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug-debuginfo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2020/03/13

Vulnerability Publication Date: 2020/02/06

Reference Information

CVE: CVE-2020-2732, CVE-2020-8648, CVE-2020-8992