openSUSE Security Update : kernel (openSUSE-SU-2013:0847-1)

High Nessus Plugin ID 75018

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 8.9

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 12.1 kernel was updated to fix a severe secrutiy issue and various bugs.

Security issues fixed: CVE-2013-2094: The perf_swevent_init function in kernel/events/core.c in the Linux kernel used an incorrect integer data type, which allowed local users to gain privileges via a crafted perf_event_open system call.

CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.

CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.

CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel did not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allowed guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.

CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel allowed guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.

CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel did not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allowed guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.

CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.

CVE-2013-0913: Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel allowed local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.

Bugs fixed :

- qlge: fix dma map leak when the last chunk is not allocated (bnc#819519).

- TTY: fix atime/mtime regression (bnc#815745).

- fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (bnc#813735).

- USB: io_ti: Fix NULL dereference in chase_port() (bnc#806976, CVE-2013-1774).

- KVM: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797).

- KVM: Fix bounds checking in ioapic indirect register read (bnc#806980 CVE-2013-1798).

- KVM: Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796).

- kabi/severities: Allow kvm module abi changes - modules are self consistent

- loopdev: fix a deadlock (bnc#809748).

- block: use i_size_write() in bd_set_size() (bnc#809748).

- drm/i915: bounds check execbuffer relocation count (bnc#808829,CVE-2013-0913).

- tmpfs: fix use-after-free of mempolicy object (bnc#806138, CVE-2013-1767).

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=806138

https://bugzilla.novell.com/show_bug.cgi?id=806976

https://bugzilla.novell.com/show_bug.cgi?id=806980

https://bugzilla.novell.com/show_bug.cgi?id=808829

https://bugzilla.novell.com/show_bug.cgi?id=809748

https://bugzilla.novell.com/show_bug.cgi?id=813735

https://bugzilla.novell.com/show_bug.cgi?id=815745

https://bugzilla.novell.com/show_bug.cgi?id=819519

https://bugzilla.novell.com/show_bug.cgi?id=819789

https://lists.opensuse.org/opensuse-updates/2013-05/msg00039.html

Plugin Details

Severity: High

ID: 75018

File Name: openSUSE-2013-454.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2021/01/19

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 8.9

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/05/23

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2013-0913, CVE-2013-1767, CVE-2013-1774, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1928, CVE-2013-2094