SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2575-1)
high Nessus Plugin ID 140475
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote SUSE host is missing one or more security updates.Description
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.The following security bugs were fixed :
CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).
CVE-2020-14314: Fixed a potential negative array index in do_split() (bsc#1173798).
CVE-2020-14356: Fixed a NULL pointer dereference in cgroupv2 subsystem which could have led to privilege escalation (bsc#1175213).
CVE-2020-14331: Fixed a missing check in vgacon scrollback handling (bsc#1174205).
CVE-2020-16166: Fixed a potential issue which could have allowed remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG (bsc#1174757).
CVE-2020-24394: Fixed an issue which could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support (bsc#1175518).
CVE-2020-10135: Legacy pairing and secure-connections pairing authentication Bluetooth might have allowed an unauthenticated user to complete authentication without pairing credentials via adjacent access (bsc#1171988).
CVE-2020-14386: Fixed a potential local privilege escalation via memory corruption (bsc#1176069).
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Workstation Extension 15-SP1 :
zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2020-2575=1
SUSE Linux Enterprise Module for Live Patching 15-SP1 :
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2020-2575=1
SUSE Linux Enterprise Module for Legacy Software 15-SP1 :
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2575=1
SUSE Linux Enterprise Module for Development Tools 15-SP1 :
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2575=1
SUSE Linux Enterprise Module for Basesystem 15-SP1 :
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2575=1
SUSE Linux Enterprise High Availability 15-SP1 :
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2020-2575=1
See Also
https://bugzilla.suse.com/show_bug.cgi?id=1058115
https://bugzilla.suse.com/show_bug.cgi?id=1065600
https://bugzilla.suse.com/show_bug.cgi?id=1065729
https://bugzilla.suse.com/show_bug.cgi?id=1071995
https://bugzilla.suse.com/show_bug.cgi?id=1083548
https://bugzilla.suse.com/show_bug.cgi?id=1085030
https://bugzilla.suse.com/show_bug.cgi?id=1111666
https://bugzilla.suse.com/show_bug.cgi?id=1112178
https://bugzilla.suse.com/show_bug.cgi?id=1113956
https://bugzilla.suse.com/show_bug.cgi?id=1120163
https://bugzilla.suse.com/show_bug.cgi?id=1133021
https://bugzilla.suse.com/show_bug.cgi?id=1136666
https://bugzilla.suse.com/show_bug.cgi?id=1144333
https://bugzilla.suse.com/show_bug.cgi?id=1152148
https://bugzilla.suse.com/show_bug.cgi?id=1163524
https://bugzilla.suse.com/show_bug.cgi?id=1165629
https://bugzilla.suse.com/show_bug.cgi?id=1166965
https://bugzilla.suse.com/show_bug.cgi?id=1169790
https://bugzilla.suse.com/show_bug.cgi?id=1170232
https://bugzilla.suse.com/show_bug.cgi?id=1171558
https://bugzilla.suse.com/show_bug.cgi?id=1171688
https://bugzilla.suse.com/show_bug.cgi?id=1171988
https://bugzilla.suse.com/show_bug.cgi?id=1172073
https://bugzilla.suse.com/show_bug.cgi?id=1172108
https://bugzilla.suse.com/show_bug.cgi?id=1172247
https://bugzilla.suse.com/show_bug.cgi?id=1172418
https://bugzilla.suse.com/show_bug.cgi?id=1172428
https://bugzilla.suse.com/show_bug.cgi?id=1172871
https://bugzilla.suse.com/show_bug.cgi?id=1172872
https://bugzilla.suse.com/show_bug.cgi?id=1172873
https://bugzilla.suse.com/show_bug.cgi?id=1172963
https://bugzilla.suse.com/show_bug.cgi?id=1173060
https://bugzilla.suse.com/show_bug.cgi?id=1173485
https://bugzilla.suse.com/show_bug.cgi?id=1173798
https://bugzilla.suse.com/show_bug.cgi?id=1173954
https://bugzilla.suse.com/show_bug.cgi?id=1174003
https://bugzilla.suse.com/show_bug.cgi?id=1174026
https://bugzilla.suse.com/show_bug.cgi?id=1174070
https://bugzilla.suse.com/show_bug.cgi?id=1174205
https://bugzilla.suse.com/show_bug.cgi?id=1174387
https://bugzilla.suse.com/show_bug.cgi?id=1174484
https://bugzilla.suse.com/show_bug.cgi?id=1174547
https://bugzilla.suse.com/show_bug.cgi?id=1174549
https://bugzilla.suse.com/show_bug.cgi?id=1174550
https://bugzilla.suse.com/show_bug.cgi?id=1174625
https://bugzilla.suse.com/show_bug.cgi?id=1174658
https://bugzilla.suse.com/show_bug.cgi?id=1174685
https://bugzilla.suse.com/show_bug.cgi?id=1174689
https://bugzilla.suse.com/show_bug.cgi?id=1174699
https://bugzilla.suse.com/show_bug.cgi?id=1174734
https://bugzilla.suse.com/show_bug.cgi?id=1174757
https://bugzilla.suse.com/show_bug.cgi?id=1174771
https://bugzilla.suse.com/show_bug.cgi?id=1174840
https://bugzilla.suse.com/show_bug.cgi?id=1174841
https://bugzilla.suse.com/show_bug.cgi?id=1174843
https://bugzilla.suse.com/show_bug.cgi?id=1174844
https://bugzilla.suse.com/show_bug.cgi?id=1174845
https://bugzilla.suse.com/show_bug.cgi?id=1174852
https://bugzilla.suse.com/show_bug.cgi?id=1174873
https://bugzilla.suse.com/show_bug.cgi?id=1174904
https://bugzilla.suse.com/show_bug.cgi?id=1174926
https://bugzilla.suse.com/show_bug.cgi?id=1174968
https://bugzilla.suse.com/show_bug.cgi?id=1175062
https://bugzilla.suse.com/show_bug.cgi?id=1175063
https://bugzilla.suse.com/show_bug.cgi?id=1175064
https://bugzilla.suse.com/show_bug.cgi?id=1175065
https://bugzilla.suse.com/show_bug.cgi?id=1175066
https://bugzilla.suse.com/show_bug.cgi?id=1175067
https://bugzilla.suse.com/show_bug.cgi?id=1175112
https://bugzilla.suse.com/show_bug.cgi?id=1175127
https://bugzilla.suse.com/show_bug.cgi?id=1175128
https://bugzilla.suse.com/show_bug.cgi?id=1175149
https://bugzilla.suse.com/show_bug.cgi?id=1175199
https://bugzilla.suse.com/show_bug.cgi?id=1175213
https://bugzilla.suse.com/show_bug.cgi?id=1175228
https://bugzilla.suse.com/show_bug.cgi?id=1175232
https://bugzilla.suse.com/show_bug.cgi?id=1175284
https://bugzilla.suse.com/show_bug.cgi?id=1175393
https://bugzilla.suse.com/show_bug.cgi?id=1175394
https://bugzilla.suse.com/show_bug.cgi?id=1175396
https://bugzilla.suse.com/show_bug.cgi?id=1175397
https://bugzilla.suse.com/show_bug.cgi?id=1175398
https://bugzilla.suse.com/show_bug.cgi?id=1175399
https://bugzilla.suse.com/show_bug.cgi?id=1175400
https://bugzilla.suse.com/show_bug.cgi?id=1175401
https://bugzilla.suse.com/show_bug.cgi?id=1175402
https://bugzilla.suse.com/show_bug.cgi?id=1175403
https://bugzilla.suse.com/show_bug.cgi?id=1175404
https://bugzilla.suse.com/show_bug.cgi?id=1175405
https://bugzilla.suse.com/show_bug.cgi?id=1175406
https://bugzilla.suse.com/show_bug.cgi?id=1175407
https://bugzilla.suse.com/show_bug.cgi?id=1175408
https://bugzilla.suse.com/show_bug.cgi?id=1175409
https://bugzilla.suse.com/show_bug.cgi?id=1175410
https://bugzilla.suse.com/show_bug.cgi?id=1175411
https://bugzilla.suse.com/show_bug.cgi?id=1175412
https://bugzilla.suse.com/show_bug.cgi?id=1175413
https://bugzilla.suse.com/show_bug.cgi?id=1175414
https://bugzilla.suse.com/show_bug.cgi?id=1175415
https://bugzilla.suse.com/show_bug.cgi?id=1175416
https://bugzilla.suse.com/show_bug.cgi?id=1175417
https://bugzilla.suse.com/show_bug.cgi?id=1175418
https://bugzilla.suse.com/show_bug.cgi?id=1175419
https://bugzilla.suse.com/show_bug.cgi?id=1175420
https://bugzilla.suse.com/show_bug.cgi?id=1175421
https://bugzilla.suse.com/show_bug.cgi?id=1175422
https://bugzilla.suse.com/show_bug.cgi?id=1175423
https://bugzilla.suse.com/show_bug.cgi?id=1175440
https://bugzilla.suse.com/show_bug.cgi?id=1175493
https://bugzilla.suse.com/show_bug.cgi?id=1175515
https://bugzilla.suse.com/show_bug.cgi?id=1175518
https://bugzilla.suse.com/show_bug.cgi?id=1175526
https://bugzilla.suse.com/show_bug.cgi?id=1175550
https://bugzilla.suse.com/show_bug.cgi?id=1175654
https://bugzilla.suse.com/show_bug.cgi?id=1175666
https://bugzilla.suse.com/show_bug.cgi?id=1175667
https://bugzilla.suse.com/show_bug.cgi?id=1175668
https://bugzilla.suse.com/show_bug.cgi?id=1175669
https://bugzilla.suse.com/show_bug.cgi?id=1175670
https://bugzilla.suse.com/show_bug.cgi?id=1175691
https://bugzilla.suse.com/show_bug.cgi?id=1175767
https://bugzilla.suse.com/show_bug.cgi?id=1175768
https://bugzilla.suse.com/show_bug.cgi?id=1175769
https://bugzilla.suse.com/show_bug.cgi?id=1175770
https://bugzilla.suse.com/show_bug.cgi?id=1175771
https://bugzilla.suse.com/show_bug.cgi?id=1175772
https://bugzilla.suse.com/show_bug.cgi?id=1175786
https://bugzilla.suse.com/show_bug.cgi?id=1175873
https://bugzilla.suse.com/show_bug.cgi?id=1176069
https://www.suse.com/security/cve/CVE-2020-10135/
https://www.suse.com/security/cve/CVE-2020-14314/
https://www.suse.com/security/cve/CVE-2020-14331/
https://www.suse.com/security/cve/CVE-2020-14356/
https://www.suse.com/security/cve/CVE-2020-14386/
https://www.suse.com/security/cve/CVE-2020-16166/
https://www.suse.com/security/cve/CVE-2020-1749/
Plugin Details
Severity: High
ID: 140475
File Name: suse_SU-2020-2575-1.nasl
Version: 1.5
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 9/10/2020
Updated: 1/13/2021
Dependencies: ssh_get_info.nasl
Risk Information
CVSS Score Source: CVE-2020-14386
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.6
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:POC/RL:OF/RC:C
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo, cpe:/o:novell:suse_linux:15
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/9/2020
Vulnerability Publication Date: 5/19/2020
Reference Information
CVE: CVE-2020-10135, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-14386, CVE-2020-16166, CVE-2020-1749, CVE-2020-24394