The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14218-1 advisory.

  - An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket     option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general     protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be     triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after     namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of     the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before     4.9.187. (CVE-2017-18509)

  - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an     out of bounds write in the function i2c_smbus_xfer_emulated. (CVE-2017-18551)

  - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R)     Processors may allow an authenticated user to potentially enable denial of service of the host system via     local access. (CVE-2018-12207)

  - An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists,     related to xfs_fs_fill_super failure. (CVE-2018-20976)

  - Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory     entry lists. (CVE-2019-10220)

  - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated     user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)

  - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux     kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer     'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be     supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'     device could use this flaw to crash the host kernel, resulting in a denial of service or potentially     escalating privileges on the system. (CVE-2019-14821)

  - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost     functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A     privileged guest user able to pass descriptors with invalid length to the host when migration is underway,     could use this flaw to increase their privileges on the host. (CVE-2019-14835)

  - check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to     kernel stack exhaustion. (CVE-2019-15118)

  - An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB     device in the drivers/usb/misc/rio500.c driver. (CVE-2019-15212)

  - An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a     malicious USB device in the drivers/usb/misc/yurex.c driver. (CVE-2019-15216)

  - An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a     malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (CVE-2019-15217)

  - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a     malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (CVE-2019-15219)

  - An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a     malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.
    (CVE-2019-15291)

  - An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit,     related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.
    (CVE-2019-15292)

  - drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via     crafted USB device traffic (which may be remote via usbip or usbredir). (CVE-2019-15505)

  - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS     expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)

  - A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x     through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the     upstream x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg() commit reintroduced the Spectre     vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry     picking specific commits, and because two (correctly ordered) code lines were swapped. (CVE-2019-15902)

  - An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function     build_audio_procunit in the file sound/usb/mixer.c. (CVE-2019-15927)

  - drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the     alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16232)

  - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value,     leading to a NULL pointer dereference. (CVE-2019-16233)

  - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the     alloc_workqueue return value, leading to a NULL pointer dereference. (CVE-2019-16234)

  - An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write()     properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
    (CVE-2019-16413)

  - ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2     does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka     CID-0614e2b73768. (CVE-2019-17052)

  - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel     through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket,     aka CID-e69dbd4619e7. (CVE-2019-17053)

  - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2     does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka     CID-6cc03e8aa36c. (CVE-2019-17054)

  - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through     5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka     CID-b91ee4aa2a21. (CVE-2019-17055)

  - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a     long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)

  - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds     check. This could lead to local escalation of privilege with System execution privileges needed. User     interaction is not needed for exploitation. (CVE-2019-9456)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14218-1)

critical Nessus Plugin ID 150533

Version 1.3