SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2122-1)

High Nessus Plugin ID 139363

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-14331: A buffer over write in vgacon_scroll was fixed (bnc#1174205).

CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988).

CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).

CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).

CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074).

CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).

CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514).

CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732).

CVE-2019-16746: net/wireless/nl80211.c did not check the length of variable elements in a beacon head, leading to a buffer overflow (bnc#1152107).

CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).

CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).

CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).

CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP5 :

zypper in -t patch SUSE-SLE-WE-12-SP5-2020-2122=1

SUSE Linux Enterprise Software Development Kit 12-SP5 :

zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-2122=1

SUSE Linux Enterprise Server 12-SP5 :

zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2122=1

SUSE Linux Enterprise Live Patching 12-SP5 :

zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2020-2122=1

SUSE Linux Enterprise High Availability 12-SP5 :

zypper in -t patch SUSE-SLE-HA-12-SP5-2020-2122=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1051510

https://bugzilla.suse.com/show_bug.cgi?id=1065729

https://bugzilla.suse.com/show_bug.cgi?id=1104967

https://bugzilla.suse.com/show_bug.cgi?id=1111666

https://bugzilla.suse.com/show_bug.cgi?id=1112178

https://bugzilla.suse.com/show_bug.cgi?id=1113956

https://bugzilla.suse.com/show_bug.cgi?id=1114279

https://bugzilla.suse.com/show_bug.cgi?id=1150660

https://bugzilla.suse.com/show_bug.cgi?id=1151927

https://bugzilla.suse.com/show_bug.cgi?id=1152107

https://bugzilla.suse.com/show_bug.cgi?id=1152624

https://bugzilla.suse.com/show_bug.cgi?id=1158983

https://bugzilla.suse.com/show_bug.cgi?id=1159058

https://bugzilla.suse.com/show_bug.cgi?id=1162002

https://bugzilla.suse.com/show_bug.cgi?id=1163309

https://bugzilla.suse.com/show_bug.cgi?id=1167104

https://bugzilla.suse.com/show_bug.cgi?id=1168959

https://bugzilla.suse.com/show_bug.cgi?id=1169514

https://bugzilla.suse.com/show_bug.cgi?id=1169771

https://bugzilla.suse.com/show_bug.cgi?id=1169795

https://bugzilla.suse.com/show_bug.cgi?id=1170011

https://bugzilla.suse.com/show_bug.cgi?id=1170442

https://bugzilla.suse.com/show_bug.cgi?id=1170617

https://bugzilla.suse.com/show_bug.cgi?id=1170618

https://bugzilla.suse.com/show_bug.cgi?id=1171124

https://bugzilla.suse.com/show_bug.cgi?id=1171424

https://bugzilla.suse.com/show_bug.cgi?id=1171529

https://bugzilla.suse.com/show_bug.cgi?id=1171530

https://bugzilla.suse.com/show_bug.cgi?id=1171558

https://bugzilla.suse.com/show_bug.cgi?id=1171673

https://bugzilla.suse.com/show_bug.cgi?id=1171732

https://bugzilla.suse.com/show_bug.cgi?id=1171739

https://bugzilla.suse.com/show_bug.cgi?id=1171743

https://bugzilla.suse.com/show_bug.cgi?id=1171753

https://bugzilla.suse.com/show_bug.cgi?id=1171759

https://bugzilla.suse.com/show_bug.cgi?id=1171761

https://bugzilla.suse.com/show_bug.cgi?id=1171835

https://bugzilla.suse.com/show_bug.cgi?id=1171841

https://bugzilla.suse.com/show_bug.cgi?id=1171868

https://bugzilla.suse.com/show_bug.cgi?id=1171988

https://bugzilla.suse.com/show_bug.cgi?id=1172247

https://bugzilla.suse.com/show_bug.cgi?id=1172257

https://bugzilla.suse.com/show_bug.cgi?id=1172344

https://bugzilla.suse.com/show_bug.cgi?id=1172484

https://bugzilla.suse.com/show_bug.cgi?id=1172687

https://bugzilla.suse.com/show_bug.cgi?id=1172719

https://bugzilla.suse.com/show_bug.cgi?id=1172871

https://bugzilla.suse.com/show_bug.cgi?id=1172872

https://bugzilla.suse.com/show_bug.cgi?id=1172999

https://bugzilla.suse.com/show_bug.cgi?id=1173060

https://bugzilla.suse.com/show_bug.cgi?id=1173074

https://bugzilla.suse.com/show_bug.cgi?id=1173146

https://bugzilla.suse.com/show_bug.cgi?id=1173265

https://bugzilla.suse.com/show_bug.cgi?id=1173280

https://bugzilla.suse.com/show_bug.cgi?id=1173284

https://bugzilla.suse.com/show_bug.cgi?id=1173428

https://bugzilla.suse.com/show_bug.cgi?id=1173462

https://bugzilla.suse.com/show_bug.cgi?id=1173514

https://bugzilla.suse.com/show_bug.cgi?id=1173567

https://bugzilla.suse.com/show_bug.cgi?id=1173573

https://bugzilla.suse.com/show_bug.cgi?id=1173746

https://bugzilla.suse.com/show_bug.cgi?id=1173818

https://bugzilla.suse.com/show_bug.cgi?id=1173820

https://bugzilla.suse.com/show_bug.cgi?id=1173825

https://bugzilla.suse.com/show_bug.cgi?id=1173826

https://bugzilla.suse.com/show_bug.cgi?id=1173833

https://bugzilla.suse.com/show_bug.cgi?id=1173838

https://bugzilla.suse.com/show_bug.cgi?id=1173839

https://bugzilla.suse.com/show_bug.cgi?id=1173845

https://bugzilla.suse.com/show_bug.cgi?id=1173857

https://bugzilla.suse.com/show_bug.cgi?id=1174113

https://bugzilla.suse.com/show_bug.cgi?id=1174115

https://bugzilla.suse.com/show_bug.cgi?id=1174122

https://bugzilla.suse.com/show_bug.cgi?id=1174123

https://bugzilla.suse.com/show_bug.cgi?id=1174130

https://bugzilla.suse.com/show_bug.cgi?id=1174205

https://bugzilla.suse.com/show_bug.cgi?id=1174296

https://bugzilla.suse.com/show_bug.cgi?id=1174343

https://bugzilla.suse.com/show_bug.cgi?id=1174356

https://bugzilla.suse.com/show_bug.cgi?id=1174409

https://bugzilla.suse.com/show_bug.cgi?id=1174438

https://bugzilla.suse.com/show_bug.cgi?id=1174462

https://bugzilla.suse.com/show_bug.cgi?id=1174543

https://www.suse.com/security/cve/CVE-2019-16746/

https://www.suse.com/security/cve/CVE-2019-20908/

https://www.suse.com/security/cve/CVE-2020-0305/

https://www.suse.com/security/cve/CVE-2020-10135/

https://www.suse.com/security/cve/CVE-2020-10769/

https://www.suse.com/security/cve/CVE-2020-10773/

https://www.suse.com/security/cve/CVE-2020-10781/

https://www.suse.com/security/cve/CVE-2020-12771/

https://www.suse.com/security/cve/CVE-2020-12888/

https://www.suse.com/security/cve/CVE-2020-14331/

https://www.suse.com/security/cve/CVE-2020-14416/

https://www.suse.com/security/cve/CVE-2020-15393/

https://www.suse.com/security/cve/CVE-2020-15780/

http://www.nessus.org/u?9978d396

Plugin Details

Severity: High

ID: 139363

File Name: suse_SU-2020-2122-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2020/08/06

Updated: 2020/08/13

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2020/08/04

Vulnerability Publication Date: 2019/09/24

Reference Information

CVE: CVE-2019-16746, CVE-2019-20908, CVE-2020-0305, CVE-2020-10135, CVE-2020-10769, CVE-2020-10773, CVE-2020-10781, CVE-2020-12771, CVE-2020-12888, CVE-2020-14331, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780