SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14157-1)

medium Nessus Plugin ID 150618
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14157-1 advisory.

- In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)

- An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (CVE-2018-20855)

- An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)

- An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.
This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)

- In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. (CVE-2019-13631)

- In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)

- In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14284)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1134390

https://bugzilla.suse.com/1134399

https://bugzilla.suse.com/1138744

https://bugzilla.suse.com/1139358

https://bugzilla.suse.com/1140945

https://bugzilla.suse.com/1140965

https://bugzilla.suse.com/1141401

https://bugzilla.suse.com/1141402

https://bugzilla.suse.com/1141452

https://bugzilla.suse.com/1141453

https://bugzilla.suse.com/1141454

https://bugzilla.suse.com/1142023

https://bugzilla.suse.com/1143045

https://bugzilla.suse.com/1143179

https://bugzilla.suse.com/1143189

https://bugzilla.suse.com/1143191

http://www.nessus.org/u?542ab5fc

https://www.suse.com/security/cve/CVE-2015-9289

https://www.suse.com/security/cve/CVE-2018-20855

https://www.suse.com/security/cve/CVE-2019-1125

https://www.suse.com/security/cve/CVE-2019-11810

https://www.suse.com/security/cve/CVE-2019-13631

https://www.suse.com/security/cve/CVE-2019-14283

https://www.suse.com/security/cve/CVE-2019-14284

Plugin Details

Severity: Medium

ID: 150618

File Name: suse_SU-2019-14157-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 6/10/2021

Updated: 6/10/2021

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

CVSS Score Source: CVE-2015-9289

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-bigmem, p-cpe:/a:novell:suse_linux:kernel-bigmem-base, p-cpe:/a:novell:suse_linux:kernel-bigmem-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-ppc64, p-cpe:/a:novell:suse_linux:kernel-ppc64-base, p-cpe:/a:novell:suse_linux:kernel-ppc64-devel, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-trace-base, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/29/2019

Vulnerability Publication Date: 5/7/2019

Reference Information

CVE: CVE-2015-9289, CVE-2018-20855, CVE-2019-1125, CVE-2019-11810, CVE-2019-13631, CVE-2019-14283, CVE-2019-14284

SuSE: SUSE-SU-2019:14157-1

IAVA: 2019-A-0290-S, 2019-A-0293-S, 2019-A-0285-S, 2019-A-0284-S