SUSE SLES11 Security Update : kernel (SUSE-SU-2020:14354-1)

critical Nessus Plugin ID 150557

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14354-1 advisory.

- ** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a double fetch vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used. (CVE-2019-12456)

- A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. (CVE-2019-14896)

- A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA. (CVE-2019-14897)

- An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. (CVE-2019-15213)

- An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)

- The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. (CVE-2019-18660)

- The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation. (CVE-2019-18675)

- A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. (CVE-2019-19066)

- Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)

- A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. (CVE-2019-19074)

- In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122. (CVE-2019-19227)

- In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. (CVE-2019-19523)

- In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. (CVE-2019-19524)

- In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. (CVE-2019-19527)

- In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. (CVE-2019-19530)

- In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. (CVE-2019-19531)

- In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)

- In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. (CVE-2019-19537)

- In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). (CVE-2019-19768)

- In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. (CVE-2019-19965)

- In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. (CVE-2019-19966)

- In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. (CVE-2019-20096)

- In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. (CVE-2020-10942)

- An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. (CVE-2020-11608)

- There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. (CVE-2020-8647)

- There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. (CVE-2020-8648)

- There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. (CVE-2020-8649)

- An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. (CVE-2020-9383)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1012382

https://bugzilla.suse.com/1091041

https://bugzilla.suse.com/1105327

https://bugzilla.suse.com/1131107

https://bugzilla.suse.com/1136471

https://bugzilla.suse.com/1136922

https://bugzilla.suse.com/1146519

https://bugzilla.suse.com/1146544

https://bugzilla.suse.com/1146612

https://bugzilla.suse.com/1148871

https://bugzilla.suse.com/1149448

https://bugzilla.suse.com/1152631

https://bugzilla.suse.com/1156652

https://bugzilla.suse.com/1157038

https://bugzilla.suse.com/1157070

https://bugzilla.suse.com/1157143

https://bugzilla.suse.com/1157155

https://bugzilla.suse.com/1157157

https://bugzilla.suse.com/1157303

https://bugzilla.suse.com/1157344

https://bugzilla.suse.com/1157678

https://bugzilla.suse.com/1157804

https://bugzilla.suse.com/1157923

https://bugzilla.suse.com/1158381

https://bugzilla.suse.com/1158410

https://bugzilla.suse.com/1158413

https://bugzilla.suse.com/1158427

https://bugzilla.suse.com/1158445

https://bugzilla.suse.com/1158823

https://bugzilla.suse.com/1158824

https://bugzilla.suse.com/1158834

https://bugzilla.suse.com/1158900

https://bugzilla.suse.com/1158904

https://bugzilla.suse.com/1159285

https://bugzilla.suse.com/1159841

https://bugzilla.suse.com/1159908

https://bugzilla.suse.com/1159911

https://bugzilla.suse.com/1161358

https://bugzilla.suse.com/1162928

https://bugzilla.suse.com/1162929

https://bugzilla.suse.com/1162931

https://bugzilla.suse.com/1164078

https://bugzilla.suse.com/1165111

https://bugzilla.suse.com/1165985

https://bugzilla.suse.com/1167629

https://bugzilla.suse.com/1168075

https://bugzilla.suse.com/1168829

https://bugzilla.suse.com/1168854

http://www.nessus.org/u?bc6cc79a

https://www.suse.com/security/cve/CVE-2019-12456

https://www.suse.com/security/cve/CVE-2019-14896

https://www.suse.com/security/cve/CVE-2019-14897

https://www.suse.com/security/cve/CVE-2019-15213

https://www.suse.com/security/cve/CVE-2019-15916

https://www.suse.com/security/cve/CVE-2019-18660

https://www.suse.com/security/cve/CVE-2019-18675

https://www.suse.com/security/cve/CVE-2019-19066

https://www.suse.com/security/cve/CVE-2019-19073

https://www.suse.com/security/cve/CVE-2019-19074

https://www.suse.com/security/cve/CVE-2019-19227

https://www.suse.com/security/cve/CVE-2019-19523

https://www.suse.com/security/cve/CVE-2019-19524

https://www.suse.com/security/cve/CVE-2019-19527

https://www.suse.com/security/cve/CVE-2019-19530

https://www.suse.com/security/cve/CVE-2019-19531

https://www.suse.com/security/cve/CVE-2019-19532

https://www.suse.com/security/cve/CVE-2019-19537

https://www.suse.com/security/cve/CVE-2019-19768

https://www.suse.com/security/cve/CVE-2019-19965

https://www.suse.com/security/cve/CVE-2019-19966

https://www.suse.com/security/cve/CVE-2019-20096

https://www.suse.com/security/cve/CVE-2020-10942

https://www.suse.com/security/cve/CVE-2020-11608

https://www.suse.com/security/cve/CVE-2020-8647

https://www.suse.com/security/cve/CVE-2020-8648

https://www.suse.com/security/cve/CVE-2020-8649

https://www.suse.com/security/cve/CVE-2020-9383

Plugin Details

Severity: Critical

ID: 150557

File Name: suse_SU-2020-14354-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 6/10/2021

Updated: 6/10/2021

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

CVSS Score Source: CVE-2019-14896

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-bigmem, p-cpe:/a:novell:suse_linux:kernel-bigmem-base, p-cpe:/a:novell:suse_linux:kernel-bigmem-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-ppc64, p-cpe:/a:novell:suse_linux:kernel-ppc64-base, p-cpe:/a:novell:suse_linux:kernel-ppc64-devel, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-trace-base, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/30/2020

Vulnerability Publication Date: 5/30/2019

Reference Information

CVE: CVE-2019-12456, CVE-2019-14896, CVE-2019-14897, CVE-2019-15213, CVE-2019-15916, CVE-2019-18660, CVE-2019-18675, CVE-2019-19066, CVE-2019-19073, CVE-2019-19074, CVE-2019-19227, CVE-2019-19523, CVE-2019-19524, CVE-2019-19527, CVE-2019-19530, CVE-2019-19531, CVE-2019-19532, CVE-2019-19537, CVE-2019-19768, CVE-2019-19965, CVE-2019-19966, CVE-2019-20096, CVE-2020-8647, CVE-2020-8648, CVE-2020-8649, CVE-2020-9383, CVE-2020-10942, CVE-2020-11608

SuSE: SUSE-SU-2020:14354-1