SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14218-1)

critical Nessus Plugin ID 150533
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14218-1 advisory.

- An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. (CVE-2017-18509)

- An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)

- Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. (CVE-2018-12207)

- An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. (CVE-2018-20976)

- Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. (CVE-2019-10220)

- TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)

- An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)

- A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)

- check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. (CVE-2019-15118)

- An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (CVE-2019-15212)

- An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (CVE-2019-15216)

- An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)

- An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (CVE-2019-15219)

- An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.
(CVE-2019-15291)

- An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.
(CVE-2019-15292)

- drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). (CVE-2019-15505)

- In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)

- A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg() commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. (CVE-2019-15902)

- An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. (CVE-2019-15927)

- drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16232)

- drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16233)

- drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16234)

- An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
(CVE-2019-16413)

- ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. (CVE-2019-17052)

- ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. (CVE-2019-17053)

- atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. (CVE-2019-17054)

- base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. (CVE-2019-17055)

- In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)

- In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. (CVE-2019-9456)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/802154

https://bugzilla.suse.com/936875

https://bugzilla.suse.com/1101061

https://bugzilla.suse.com/1113201

https://bugzilla.suse.com/1117665

https://bugzilla.suse.com/1131107

https://bugzilla.suse.com/1143327

https://bugzilla.suse.com/1144903

https://bugzilla.suse.com/1145477

https://bugzilla.suse.com/1145922

https://bugzilla.suse.com/1146163

https://bugzilla.suse.com/1146285

https://bugzilla.suse.com/1146361

https://bugzilla.suse.com/1146391

https://bugzilla.suse.com/1146524

https://bugzilla.suse.com/1146540

https://bugzilla.suse.com/1146547

https://bugzilla.suse.com/1146678

https://bugzilla.suse.com/1147122

https://bugzilla.suse.com/1148938

https://bugzilla.suse.com/1149376

https://bugzilla.suse.com/1149522

https://bugzilla.suse.com/1150025

https://bugzilla.suse.com/1150112

https://bugzilla.suse.com/1150452

https://bugzilla.suse.com/1150457

https://bugzilla.suse.com/1150465

https://bugzilla.suse.com/1150599

https://bugzilla.suse.com/1151347

https://bugzilla.suse.com/1151350

https://bugzilla.suse.com/1152779

https://bugzilla.suse.com/1152782

https://bugzilla.suse.com/1152786

https://bugzilla.suse.com/1152789

https://bugzilla.suse.com/1153158

https://bugzilla.suse.com/1155671

http://www.nessus.org/u?4a4cd4f8

https://www.suse.com/security/cve/CVE-2017-18509

https://www.suse.com/security/cve/CVE-2017-18551

https://www.suse.com/security/cve/CVE-2018-12207

https://www.suse.com/security/cve/CVE-2018-20976

https://www.suse.com/security/cve/CVE-2019-10220

https://www.suse.com/security/cve/CVE-2019-11135

https://www.suse.com/security/cve/CVE-2019-14821

https://www.suse.com/security/cve/CVE-2019-14835

https://www.suse.com/security/cve/CVE-2019-15118

https://www.suse.com/security/cve/CVE-2019-15212

https://www.suse.com/security/cve/CVE-2019-15216

https://www.suse.com/security/cve/CVE-2019-15217

https://www.suse.com/security/cve/CVE-2019-15219

https://www.suse.com/security/cve/CVE-2019-15291

https://www.suse.com/security/cve/CVE-2019-15292

https://www.suse.com/security/cve/CVE-2019-15505

https://www.suse.com/security/cve/CVE-2019-15807

https://www.suse.com/security/cve/CVE-2019-15902

https://www.suse.com/security/cve/CVE-2019-15927

https://www.suse.com/security/cve/CVE-2019-16232

https://www.suse.com/security/cve/CVE-2019-16233

https://www.suse.com/security/cve/CVE-2019-16234

https://www.suse.com/security/cve/CVE-2019-16413

https://www.suse.com/security/cve/CVE-2019-17052

https://www.suse.com/security/cve/CVE-2019-17053

https://www.suse.com/security/cve/CVE-2019-17054

https://www.suse.com/security/cve/CVE-2019-17055

https://www.suse.com/security/cve/CVE-2019-17133

https://www.suse.com/security/cve/CVE-2019-9456

Plugin Details

Severity: Critical

ID: 150533

File Name: suse_SU-2019-14218-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 6/10/2021

Updated: 6/10/2021

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

CVSS Score Source: CVE-2019-15505

VPR

Risk Factor: High

Score: 7.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-bigmem, p-cpe:/a:novell:suse_linux:kernel-bigmem-base, p-cpe:/a:novell:suse_linux:kernel-bigmem-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-ppc64, p-cpe:/a:novell:suse_linux:kernel-ppc64-base, p-cpe:/a:novell:suse_linux:kernel-ppc64-devel, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-trace-base, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/13/2019

Vulnerability Publication Date: 2/6/2019

Reference Information

CVE: CVE-2017-18509, CVE-2017-18551, CVE-2018-12207, CVE-2018-20976, CVE-2019-9456, CVE-2019-10220, CVE-2019-11135, CVE-2019-14821, CVE-2019-14835, CVE-2019-15118, CVE-2019-15212, CVE-2019-15216, CVE-2019-15217, CVE-2019-15219, CVE-2019-15291, CVE-2019-15292, CVE-2019-15505, CVE-2019-15807, CVE-2019-15902, CVE-2019-15927, CVE-2019-16232, CVE-2019-16233, CVE-2019-16234, CVE-2019-16413, CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, CVE-2019-17133

SuSE: SUSE-SU-2019:14218-1