SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2487-1)

high Nessus Plugin ID 140378

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key (bnc#1171988).

CVE-2020-0305: In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1174462).

CVE-2019-20908: An issue was discovered in drivers/firmware/efi/efi.c where incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032 (bnc#1173567).

CVE-2020-10781: zram sysfs resource consumption was fixed (bnc#1173074).

CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c where injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30 (bnc#1173573).

CVE-2020-15393: usbtest_disconnect in drivers/usb/misc/usbtest.c had a memory leak, aka CID-28ebeb8db770 (bnc#1173514).

CVE-2020-12771: btree_gc_coalesce in drivers/md/bcache/btree.c had a deadlock if a coalescing operation fails (bnc#1171732).

CVE-2020-12888: The VFIO PCI driver mishandled attempts to access disabled memory space (bnc#1171868).

CVE-2020-10769: A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allowed a local attacker with user privileges to cause a denial of service (bnc#1173265).

CVE-2020-10773: A kernel stack information leak on s390/s390x was fixed (bnc#1172999).

CVE-2020-14416: A race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c (bnc#1162002).

CVE-2020-10766: Fixed an issue which allowed an attacker with a local account to disable SSBD protection (bnc#1172781).

CVE-2020-10767: Fixed an issue where Indirect Branch Prediction Barrier was disabled in certain circumstances, leaving the system open to a spectre v2 style attack (bnc#1172782).

CVE-2020-10768: Fixed an issue with the prctl() function, where indirect branch speculation could be enabled even though it was diabled before (bnc#1172783).

CVE-2020-13974: Fixed a integer overflow in drivers/tty/vt/keyboard.c, if k_ascii is called several times in a row (bnc#1172775).

CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or 'CrossTalk' (bsc#1154824).

CVE-2020-13143: Fixed an out-of-bounds read in gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c (bsc#1171982).

CVE-2020-12769: Fixed an issue which could have allowed attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one (bsc#1171983).

CVE-2020-12659: Fixed an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) due to improper headroom validation (bsc#1171214).

CVE-2020-12657: An a use-after-free in block/bfq-iosched.c (bsc#1171205).

CVE-2020-12656: Fixed an improper handling of certain domain_release calls leadingch could have led to a memory leak (bsc#1171219).

CVE-2020-12655: Fixed an issue which could have allowed attackers to trigger a sync of excessive duration via an XFS v5 image with crafted metadata (bsc#1171217).

CVE-2020-12654: Fixed an issue in he wifi driver which could have allowed a remote AP to trigger a heap-based buffer overflow (bsc#1171202).

CVE-2020-12653: Fixed an issue in the wifi driver which could have allowed local users to gain privileges or cause a denial of service (bsc#1171195).

CVE-2020-12652: Fixed an issue which could have allowed local users to hold an incorrect lock during the ioctl operation and trigger a race condition (bsc#1171218).

CVE-2020-12464: Fixed a use-after-free due to a transfer without a reference (bsc#1170901).

CVE-2020-12114: Fixed a pivot_root race condition which could have allowed local users to cause a denial of service (panic) by corrupting a mountpoint reference counter (bsc#1171098).

CVE-2020-11669: Fixed an issue where arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR (bnc#1169390).

CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172317).

CVE-2020-10751: Fixed an improper implementation in SELinux LSM hook where it was assumed that an skb would only contain a single netlink message (bsc#1171189).

CVE-2020-10732: Fixed kernel data leak in userspace coredumps due to uninitialized data (bsc#1171220).

CVE-2020-10720: Fixed a use-after-free read in napi_gro_frags() (bsc#1170778).

CVE-2020-10711: Fixed a NULL pointer dereference in SELinux subsystem which could have allowed a remote network user to crash the kernel resulting in a denial of service (bsc#1171191).

CVE-2020-10690: Fixed the race between the release of ptp_clock and cdev (bsc#1170056).

CVE-2019-9455: Fixed a pointer leak due to a WARN_ON statement in a video driver. This could lead to local information disclosure with System execution privileges needed (bsc#1170345).

CVE-2019-20812: Fixed an issue in prb_calc_retire_blk_tmo() which could have resulted in a denial of service (bsc#1172453).

CVE-2019-20806: Fixed a NULL pointer dereference which may had lead to denial of service (bsc#1172199).

CVE-2019-19462: Fixed an issue which could have allowed local user to cause denial of service (bsc#1158265).

CVE-2019-20810: go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c did not call snd_card_free for a failure path, which caused a memory leak, aka CID-9453264ef586 (bnc#1172458).

CVE-2018-1000199: Fixed a potential local code execution via ptrace (bsc#1089895).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Realtime 15-SP1 :

zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-2487=1

Plugin Details

Severity: High

ID: 140378

File Name: suse_SU-2020-2487-1.nasl

Version: 1.3

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 9/8/2020

Updated: 5/12/2022

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-15780

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2020-13974

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-debugsource, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/4/2020

Vulnerability Publication Date: 5/24/2018

Reference Information

CVE: CVE-2018-1000199, CVE-2019-19462, CVE-2019-20806, CVE-2019-20810, CVE-2019-20812, CVE-2019-20908, CVE-2019-9455, CVE-2020-0305, CVE-2020-0543, CVE-2020-10135, CVE-2020-10690, CVE-2020-10711, CVE-2020-10720, CVE-2020-10732, CVE-2020-10751, CVE-2020-10757, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10769, CVE-2020-10773, CVE-2020-10781, CVE-2020-11669, CVE-2020-12114, CVE-2020-12464, CVE-2020-12652, CVE-2020-12653, CVE-2020-12654, CVE-2020-12655, CVE-2020-12656, CVE-2020-12657, CVE-2020-12659, CVE-2020-12769, CVE-2020-12771, CVE-2020-12888, CVE-2020-13143, CVE-2020-13974, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780

Detections

Analytics