SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2879-1)

medium Nessus Plugin ID 143671
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).

CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).

CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).

CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).

CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).

CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).

CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#1176381).

CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).

CVE-2020-14385: Fixed a failure of the file system metadata validator in XFS which could have caused an inode with a valid, user-creatable extended attribute to be flagged as corrupt (bsc#1176137).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 15-SP2 :

zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2879=1

SUSE Linux Enterprise Module for Live Patching 15-SP2 :

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-2879=1

SUSE Linux Enterprise Module for Legacy Software 15-SP2 :

zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2879=1

SUSE Linux Enterprise Module for Development Tools 15-SP2 :

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2879=1

SUSE Linux Enterprise Module for Basesystem 15-SP2 :

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2879=1

SUSE Linux Enterprise High Availability 15-SP2 :

zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-2879=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1055186

https://bugzilla.suse.com/show_bug.cgi?id=1058115

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065729

https://bugzilla.suse.com/show_bug.cgi?id=1094244

https://bugzilla.suse.com/show_bug.cgi?id=1136666

https://bugzilla.suse.com/show_bug.cgi?id=1152148

https://bugzilla.suse.com/show_bug.cgi?id=1152472

https://bugzilla.suse.com/show_bug.cgi?id=1152489

https://bugzilla.suse.com/show_bug.cgi?id=1153274

https://bugzilla.suse.com/show_bug.cgi?id=1154353

https://bugzilla.suse.com/show_bug.cgi?id=1155518

https://bugzilla.suse.com/show_bug.cgi?id=1155798

https://bugzilla.suse.com/show_bug.cgi?id=1156395

https://bugzilla.suse.com/show_bug.cgi?id=1167527

https://bugzilla.suse.com/show_bug.cgi?id=1170232

https://bugzilla.suse.com/show_bug.cgi?id=1170774

https://bugzilla.suse.com/show_bug.cgi?id=1171000

https://bugzilla.suse.com/show_bug.cgi?id=1171068

https://bugzilla.suse.com/show_bug.cgi?id=1171073

https://bugzilla.suse.com/show_bug.cgi?id=1171558

https://bugzilla.suse.com/show_bug.cgi?id=1171688

https://bugzilla.suse.com/show_bug.cgi?id=1171742

https://bugzilla.suse.com/show_bug.cgi?id=1172419

https://bugzilla.suse.com/show_bug.cgi?id=1172757

https://bugzilla.suse.com/show_bug.cgi?id=1172873

https://bugzilla.suse.com/show_bug.cgi?id=1173017

https://bugzilla.suse.com/show_bug.cgi?id=1173060

https://bugzilla.suse.com/show_bug.cgi?id=1173115

https://bugzilla.suse.com/show_bug.cgi?id=1173267

https://bugzilla.suse.com/show_bug.cgi?id=1173746

https://bugzilla.suse.com/show_bug.cgi?id=1174029

https://bugzilla.suse.com/show_bug.cgi?id=1174110

https://bugzilla.suse.com/show_bug.cgi?id=1174111

https://bugzilla.suse.com/show_bug.cgi?id=1174358

https://bugzilla.suse.com/show_bug.cgi?id=1174484

https://bugzilla.suse.com/show_bug.cgi?id=1174486

https://bugzilla.suse.com/show_bug.cgi?id=1174899

https://bugzilla.suse.com/show_bug.cgi?id=1175263

https://bugzilla.suse.com/show_bug.cgi?id=1175667

https://bugzilla.suse.com/show_bug.cgi?id=1175718

https://bugzilla.suse.com/show_bug.cgi?id=1175749

https://bugzilla.suse.com/show_bug.cgi?id=1175787

https://bugzilla.suse.com/show_bug.cgi?id=1175882

https://bugzilla.suse.com/show_bug.cgi?id=1175952

https://bugzilla.suse.com/show_bug.cgi?id=1175996

https://bugzilla.suse.com/show_bug.cgi?id=1175997

https://bugzilla.suse.com/show_bug.cgi?id=1175998

https://bugzilla.suse.com/show_bug.cgi?id=1175999

https://bugzilla.suse.com/show_bug.cgi?id=1176000

https://bugzilla.suse.com/show_bug.cgi?id=1176001

https://bugzilla.suse.com/show_bug.cgi?id=1176019

https://bugzilla.suse.com/show_bug.cgi?id=1176022

https://bugzilla.suse.com/show_bug.cgi?id=1176038

https://bugzilla.suse.com/show_bug.cgi?id=1176063

https://bugzilla.suse.com/show_bug.cgi?id=1176137

https://bugzilla.suse.com/show_bug.cgi?id=1176235

https://bugzilla.suse.com/show_bug.cgi?id=1176236

https://bugzilla.suse.com/show_bug.cgi?id=1176237

https://bugzilla.suse.com/show_bug.cgi?id=1176242

https://bugzilla.suse.com/show_bug.cgi?id=1176278

https://bugzilla.suse.com/show_bug.cgi?id=1176357

https://bugzilla.suse.com/show_bug.cgi?id=1176358

https://bugzilla.suse.com/show_bug.cgi?id=1176359

https://bugzilla.suse.com/show_bug.cgi?id=1176360

https://bugzilla.suse.com/show_bug.cgi?id=1176361

https://bugzilla.suse.com/show_bug.cgi?id=1176362

https://bugzilla.suse.com/show_bug.cgi?id=1176363

https://bugzilla.suse.com/show_bug.cgi?id=1176364

https://bugzilla.suse.com/show_bug.cgi?id=1176365

https://bugzilla.suse.com/show_bug.cgi?id=1176366

https://bugzilla.suse.com/show_bug.cgi?id=1176367

https://bugzilla.suse.com/show_bug.cgi?id=1176381

https://bugzilla.suse.com/show_bug.cgi?id=1176423

https://bugzilla.suse.com/show_bug.cgi?id=1176449

https://bugzilla.suse.com/show_bug.cgi?id=1176482

https://bugzilla.suse.com/show_bug.cgi?id=1176486

https://bugzilla.suse.com/show_bug.cgi?id=1176507

https://bugzilla.suse.com/show_bug.cgi?id=1176536

https://bugzilla.suse.com/show_bug.cgi?id=1176537

https://bugzilla.suse.com/show_bug.cgi?id=1176538

https://bugzilla.suse.com/show_bug.cgi?id=1176539

https://bugzilla.suse.com/show_bug.cgi?id=1176540

https://bugzilla.suse.com/show_bug.cgi?id=1176541

https://bugzilla.suse.com/show_bug.cgi?id=1176542

https://bugzilla.suse.com/show_bug.cgi?id=1176544

https://bugzilla.suse.com/show_bug.cgi?id=1176545

https://bugzilla.suse.com/show_bug.cgi?id=1176546

https://bugzilla.suse.com/show_bug.cgi?id=1176548

https://bugzilla.suse.com/show_bug.cgi?id=1176558

https://bugzilla.suse.com/show_bug.cgi?id=1176559

https://bugzilla.suse.com/show_bug.cgi?id=1176587

https://bugzilla.suse.com/show_bug.cgi?id=1176588

https://bugzilla.suse.com/show_bug.cgi?id=1176659

https://bugzilla.suse.com/show_bug.cgi?id=1176698

https://bugzilla.suse.com/show_bug.cgi?id=1176699

https://bugzilla.suse.com/show_bug.cgi?id=1176700

https://bugzilla.suse.com/show_bug.cgi?id=1176721

https://bugzilla.suse.com/show_bug.cgi?id=1176722

https://bugzilla.suse.com/show_bug.cgi?id=1176725

https://bugzilla.suse.com/show_bug.cgi?id=1176732

https://bugzilla.suse.com/show_bug.cgi?id=1176763

https://bugzilla.suse.com/show_bug.cgi?id=1176775

https://bugzilla.suse.com/show_bug.cgi?id=1176788

https://bugzilla.suse.com/show_bug.cgi?id=1176789

https://bugzilla.suse.com/show_bug.cgi?id=1176833

https://bugzilla.suse.com/show_bug.cgi?id=1176869

https://bugzilla.suse.com/show_bug.cgi?id=1176877

https://bugzilla.suse.com/show_bug.cgi?id=1176925

https://bugzilla.suse.com/show_bug.cgi?id=1176962

https://bugzilla.suse.com/show_bug.cgi?id=1176980

https://bugzilla.suse.com/show_bug.cgi?id=1176990

https://bugzilla.suse.com/show_bug.cgi?id=1177021

https://bugzilla.suse.com/show_bug.cgi?id=1177030

https://www.suse.com/security/cve/CVE-2020-0404/

https://www.suse.com/security/cve/CVE-2020-0427/

https://www.suse.com/security/cve/CVE-2020-0431/

https://www.suse.com/security/cve/CVE-2020-0432/

https://www.suse.com/security/cve/CVE-2020-14385/

https://www.suse.com/security/cve/CVE-2020-14390/

https://www.suse.com/security/cve/CVE-2020-2521/

https://www.suse.com/security/cve/CVE-2020-25284/

https://www.suse.com/security/cve/CVE-2020-26088/

http://www.nessus.org/u?8f0f0386

Plugin Details

Severity: Medium

ID: 143671

File Name: suse_SU-2020-2879-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 12/9/2020

Updated: 2/8/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2020-14390

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/8/2020

Vulnerability Publication Date: 9/13/2020

Reference Information

CVE: CVE-2020-0404, CVE-2020-0427, CVE-2020-0431, CVE-2020-0432, CVE-2020-14385, CVE-2020-14390, CVE-2020-2521, CVE-2020-25284, CVE-2020-26088