SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3068 / 3069 / 3070)

Critical Nessus Plugin ID 51610

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 8.9


The remote SuSE 11 host is missing one or more security updates.


This SUSE Linux Enterprise 11 Service Pack 1 kernel contains various security fixes and lots of other bugfixes.

Notable larger bugfixes and changes :

- 603464: Fix system freezewhen doing a network crashdump with a netxen_nic driver

- 610828: Avoid kernel failure on connects/disconnects to a novell server with Novell Client 2.0

- 612009: Fix Oracle issues due to problems with OCFS

- 614332: Fix SMB processes stuck in uninteruptible sleep when using (LVS/ClusteredIP) + CTDB + OCFS2

- 619525: Fix igb driver regression

- 626321: Add patch for Apparent OCFS2 corruption after removing a bunch of reflinks

- 627518: Avoid System hangs up after failed to copy files from smb server

- 629552: Skip Tape rewind during boot or a scsi scan The following security issues were fixed :

- insufficient range checks on the ETHTOOL_GRXCLSRLALL command allowed local users to at least crash the kernel. (CVE-2010-2478)

- Specially crafted NFS write requests could crash the kernel. (CVE-2010-2521)

- a malicious local user could fill the cache used by CIFS do perform dns lookups with chosen data, therefore tricking the kernel into mounting a wrong CIFS server.

- a local user could overwrite append-only files on a btrfs file system. (CVE-2010-2537)

- a local user could read kernel memory of a btrfs file system. (CVE-2010-2538)

- local users could trigger a NULL derefence via gfs2 file system. (CVE-2010-2798)

- driver specific drm ioctl could leak kernel memory to users with access to dri devices. (CVE-2010-2803)

- 'tc dump' could leak some kernel memory. (CVE-2010-2942)

- the 'os2' xaddr namespace could be used to bypass xattr namespace rules. (CVE-2010-2946)

- integer overflows in the CAN subsystem allowed attackers to crash the kernel or gain privileges. (CVE-2010-2959)

- certain write operations on an ext4 filesystem could crash the kernel. (CVE-2010-3015)


Apply SAT patch number 3068 / 3069 / 3070 as appropriate.

See Also

Plugin Details

Severity: Critical

ID: 51610

File Name: suse_11_kernel-100903.nasl

Version: 1.7

Type: local

Agent: unix

Published: 2011/01/21

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 8.9

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/09/03

Reference Information

CVE: CVE-2010-2478, CVE-2010-2521, CVE-2010-2524, CVE-2010-2537, CVE-2010-2538, CVE-2010-2798, CVE-2010-2803, CVE-2010-2942, CVE-2010-2946, CVE-2010-2959, CVE-2010-3015