SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2575-1)

high Nessus Plugin ID 140475

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security fixes and bugfixes.

The following security bugs were fixed:

CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).

CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).

CVE-2020-14356: Fixed a NULL pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).

CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).

CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).

CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).

CVE-2020-10135: Legacy pairing and secure-connections pairing authentication in Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988).

CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update, use the SUSE-recommended installation methods such as YaST online_update or 'zypper patch'.

Alternatively, you can run the command listed for your product:

SUSE Linux Enterprise Workstation Extension 15-SP1:

zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2575=1

SUSE Linux Enterprise Module for Live Patching 15-SP1:

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2575=1

SUSE Linux Enterprise Module for Legacy Software 15-SP1:

zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2575=1

SUSE Linux Enterprise Module for Development Tools 15-SP1:

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2575=1

SUSE Linux Enterprise Module for Basesystem 15-SP1:

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2575=1

SUSE Linux Enterprise High Availability 15-SP1:

zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2575=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1058115

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065729

https://bugzilla.suse.com/show_bug.cgi?id=1071995

https://bugzilla.suse.com/show_bug.cgi?id=1083548

https://bugzilla.suse.com/show_bug.cgi?id=1085030

https://bugzilla.suse.com/show_bug.cgi?id=1111666

https://bugzilla.suse.com/show_bug.cgi?id=1112178

https://bugzilla.suse.com/show_bug.cgi?id=1113956

https://bugzilla.suse.com/show_bug.cgi?id=1120163

https://bugzilla.suse.com/show_bug.cgi?id=1133021

https://bugzilla.suse.com/show_bug.cgi?id=1136666

https://bugzilla.suse.com/show_bug.cgi?id=1144333

https://bugzilla.suse.com/show_bug.cgi?id=1152148

https://bugzilla.suse.com/show_bug.cgi?id=1163524

https://bugzilla.suse.com/show_bug.cgi?id=1165629

https://bugzilla.suse.com/show_bug.cgi?id=1166965

https://bugzilla.suse.com/show_bug.cgi?id=1169790

https://bugzilla.suse.com/show_bug.cgi?id=1170232

https://bugzilla.suse.com/show_bug.cgi?id=1171558

https://bugzilla.suse.com/show_bug.cgi?id=1171688

https://bugzilla.suse.com/show_bug.cgi?id=1171988

https://bugzilla.suse.com/show_bug.cgi?id=1172073

https://bugzilla.suse.com/show_bug.cgi?id=1172108

https://bugzilla.suse.com/show_bug.cgi?id=1172247

https://bugzilla.suse.com/show_bug.cgi?id=1172418

https://bugzilla.suse.com/show_bug.cgi?id=1172428

https://bugzilla.suse.com/show_bug.cgi?id=1172871

https://bugzilla.suse.com/show_bug.cgi?id=1172872

https://bugzilla.suse.com/show_bug.cgi?id=1172873

https://bugzilla.suse.com/show_bug.cgi?id=1172963

https://bugzilla.suse.com/show_bug.cgi?id=1173060

https://bugzilla.suse.com/show_bug.cgi?id=1173485

https://bugzilla.suse.com/show_bug.cgi?id=1173798

https://bugzilla.suse.com/show_bug.cgi?id=1173954

https://bugzilla.suse.com/show_bug.cgi?id=1174003

https://bugzilla.suse.com/show_bug.cgi?id=1174026

https://bugzilla.suse.com/show_bug.cgi?id=1174070

https://bugzilla.suse.com/show_bug.cgi?id=1174205

https://bugzilla.suse.com/show_bug.cgi?id=1174387

https://bugzilla.suse.com/show_bug.cgi?id=1174484

https://bugzilla.suse.com/show_bug.cgi?id=1174547

https://bugzilla.suse.com/show_bug.cgi?id=1174549

https://bugzilla.suse.com/show_bug.cgi?id=1174550

https://bugzilla.suse.com/show_bug.cgi?id=1174625

https://bugzilla.suse.com/show_bug.cgi?id=1174658

https://bugzilla.suse.com/show_bug.cgi?id=1174685

https://bugzilla.suse.com/show_bug.cgi?id=1174689

https://bugzilla.suse.com/show_bug.cgi?id=1174699

https://bugzilla.suse.com/show_bug.cgi?id=1174734

https://bugzilla.suse.com/show_bug.cgi?id=1174757

https://bugzilla.suse.com/show_bug.cgi?id=1174771

https://bugzilla.suse.com/show_bug.cgi?id=1174840

https://bugzilla.suse.com/show_bug.cgi?id=1174841

https://bugzilla.suse.com/show_bug.cgi?id=1174843

https://bugzilla.suse.com/show_bug.cgi?id=1174844

https://bugzilla.suse.com/show_bug.cgi?id=1174845

https://bugzilla.suse.com/show_bug.cgi?id=1174852

https://bugzilla.suse.com/show_bug.cgi?id=1174873

https://bugzilla.suse.com/show_bug.cgi?id=1174904

https://bugzilla.suse.com/show_bug.cgi?id=1174926

https://bugzilla.suse.com/show_bug.cgi?id=1174968

https://bugzilla.suse.com/show_bug.cgi?id=1175062

https://bugzilla.suse.com/show_bug.cgi?id=1175063

https://bugzilla.suse.com/show_bug.cgi?id=1175064

https://bugzilla.suse.com/show_bug.cgi?id=1175065

https://bugzilla.suse.com/show_bug.cgi?id=1175066

https://bugzilla.suse.com/show_bug.cgi?id=1175067

https://bugzilla.suse.com/show_bug.cgi?id=1175112

https://bugzilla.suse.com/show_bug.cgi?id=1175127

https://bugzilla.suse.com/show_bug.cgi?id=1175128

https://bugzilla.suse.com/show_bug.cgi?id=1175149

https://bugzilla.suse.com/show_bug.cgi?id=1175199

https://bugzilla.suse.com/show_bug.cgi?id=1175213

https://bugzilla.suse.com/show_bug.cgi?id=1175228

https://bugzilla.suse.com/show_bug.cgi?id=1175232

https://bugzilla.suse.com/show_bug.cgi?id=1175284

https://bugzilla.suse.com/show_bug.cgi?id=1175393

https://bugzilla.suse.com/show_bug.cgi?id=1175394

https://bugzilla.suse.com/show_bug.cgi?id=1175396

https://bugzilla.suse.com/show_bug.cgi?id=1175397

https://bugzilla.suse.com/show_bug.cgi?id=1175398

https://bugzilla.suse.com/show_bug.cgi?id=1175399

https://bugzilla.suse.com/show_bug.cgi?id=1175400

https://bugzilla.suse.com/show_bug.cgi?id=1175401

https://bugzilla.suse.com/show_bug.cgi?id=1175402

https://bugzilla.suse.com/show_bug.cgi?id=1175403

https://bugzilla.suse.com/show_bug.cgi?id=1175404

https://bugzilla.suse.com/show_bug.cgi?id=1175405

https://bugzilla.suse.com/show_bug.cgi?id=1175406

https://bugzilla.suse.com/show_bug.cgi?id=1175407

https://bugzilla.suse.com/show_bug.cgi?id=1175408

https://bugzilla.suse.com/show_bug.cgi?id=1175409

https://bugzilla.suse.com/show_bug.cgi?id=1175410

https://bugzilla.suse.com/show_bug.cgi?id=1175411

https://bugzilla.suse.com/show_bug.cgi?id=1175412

https://bugzilla.suse.com/show_bug.cgi?id=1175413

https://bugzilla.suse.com/show_bug.cgi?id=1175414

https://bugzilla.suse.com/show_bug.cgi?id=1175415

https://bugzilla.suse.com/show_bug.cgi?id=1175416

https://bugzilla.suse.com/show_bug.cgi?id=1175417

https://bugzilla.suse.com/show_bug.cgi?id=1175418

https://bugzilla.suse.com/show_bug.cgi?id=1175419

https://bugzilla.suse.com/show_bug.cgi?id=1175420

https://bugzilla.suse.com/show_bug.cgi?id=1175421

https://bugzilla.suse.com/show_bug.cgi?id=1175422

https://bugzilla.suse.com/show_bug.cgi?id=1175423

https://bugzilla.suse.com/show_bug.cgi?id=1175440

https://bugzilla.suse.com/show_bug.cgi?id=1175493

https://bugzilla.suse.com/show_bug.cgi?id=1175515

https://bugzilla.suse.com/show_bug.cgi?id=1175518

https://bugzilla.suse.com/show_bug.cgi?id=1175526

https://bugzilla.suse.com/show_bug.cgi?id=1175550

https://bugzilla.suse.com/show_bug.cgi?id=1175654

https://bugzilla.suse.com/show_bug.cgi?id=1175666

https://bugzilla.suse.com/show_bug.cgi?id=1175667

https://bugzilla.suse.com/show_bug.cgi?id=1175668

https://bugzilla.suse.com/show_bug.cgi?id=1175669

https://bugzilla.suse.com/show_bug.cgi?id=1175670

https://bugzilla.suse.com/show_bug.cgi?id=1175691

https://bugzilla.suse.com/show_bug.cgi?id=1175767

https://bugzilla.suse.com/show_bug.cgi?id=1175768

https://bugzilla.suse.com/show_bug.cgi?id=1175769

https://bugzilla.suse.com/show_bug.cgi?id=1175770

https://bugzilla.suse.com/show_bug.cgi?id=1175771

https://bugzilla.suse.com/show_bug.cgi?id=1175772

https://bugzilla.suse.com/show_bug.cgi?id=1175786

https://bugzilla.suse.com/show_bug.cgi?id=1175873

https://bugzilla.suse.com/show_bug.cgi?id=1176069

https://www.suse.com/security/cve/CVE-2020-10135/

https://www.suse.com/security/cve/CVE-2020-14314/

https://www.suse.com/security/cve/CVE-2020-14331/

https://www.suse.com/security/cve/CVE-2020-14356/

https://www.suse.com/security/cve/CVE-2020-14386/

https://www.suse.com/security/cve/CVE-2020-16166/

https://www.suse.com/security/cve/CVE-2020-1749/

https://www.suse.com/security/cve/CVE-2020-24394/

http://www.nessus.org/u?56c6884d

Plugin Details

Severity: High

ID: 140475

File Name: suse_SU-2020-2575-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 9/10/2020

Updated: 1/13/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2020-14386

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2020

Vulnerability Publication Date: 5/19/2020

Reference Information

CVE: CVE-2020-10135, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-14386, CVE-2020-16166, CVE-2020-1749, CVE-2020-24394