SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0383-1) (Spectre)

critical Nessus Plugin ID 106672

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.

- CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel in the function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839).

- CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229).

- CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928).

- CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a 'pointer leak (bnc#1073928).

- CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).

- CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).

- CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).

- CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch SUSE-SLE-WE-12-SP3-2018-271=1

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-271=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-271=1

SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-271=1

SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch SUSE-SLE-HA-12-SP3-2018-271=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-271=1

SUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-271=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1005778

https://bugzilla.suse.com/show_bug.cgi?id=1005780

https://bugzilla.suse.com/show_bug.cgi?id=1005781

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1012917

https://bugzilla.suse.com/show_bug.cgi?id=1015342

https://bugzilla.suse.com/show_bug.cgi?id=1015343

https://bugzilla.suse.com/show_bug.cgi?id=1019784

https://bugzilla.suse.com/show_bug.cgi?id=1022476

https://bugzilla.suse.com/show_bug.cgi?id=1022595

https://bugzilla.suse.com/show_bug.cgi?id=1022912

https://bugzilla.suse.com/show_bug.cgi?id=1024296

https://bugzilla.suse.com/show_bug.cgi?id=1024376

https://bugzilla.suse.com/show_bug.cgi?id=1031395

https://bugzilla.suse.com/show_bug.cgi?id=1031492

https://bugzilla.suse.com/show_bug.cgi?id=1077871

https://bugzilla.suse.com/show_bug.cgi?id=1078002

https://bugzilla.suse.com/show_bug.cgi?id=1078681

https://bugzilla.suse.com/show_bug.cgi?id=963844

https://bugzilla.suse.com/show_bug.cgi?id=966170

https://bugzilla.suse.com/show_bug.cgi?id=966172

https://bugzilla.suse.com/show_bug.cgi?id=973818

https://bugzilla.suse.com/show_bug.cgi?id=985025

https://www.suse.com/security/cve/CVE-2017-15129/

https://www.suse.com/security/cve/CVE-2017-17712/

https://www.suse.com/security/cve/CVE-2017-17862/

https://www.suse.com/security/cve/CVE-2017-17864/

https://www.suse.com/security/cve/CVE-2017-18017/

https://www.suse.com/security/cve/CVE-2017-5715/

https://www.suse.com/security/cve/CVE-2018-1000004/

https://www.suse.com/security/cve/CVE-2018-5332/

https://www.suse.com/security/cve/CVE-2018-5333/

http://www.nessus.org/u?6ee4398f

https://bugzilla.suse.com/show_bug.cgi?id=1031717

https://bugzilla.suse.com/show_bug.cgi?id=1037838

https://bugzilla.suse.com/show_bug.cgi?id=1038078

https://bugzilla.suse.com/show_bug.cgi?id=1038085

https://bugzilla.suse.com/show_bug.cgi?id=1040182

https://bugzilla.suse.com/show_bug.cgi?id=1043652

https://bugzilla.suse.com/show_bug.cgi?id=1048325

https://bugzilla.suse.com/show_bug.cgi?id=1048585

https://bugzilla.suse.com/show_bug.cgi?id=1053472

https://bugzilla.suse.com/show_bug.cgi?id=1060279

https://bugzilla.suse.com/show_bug.cgi?id=1062129

https://bugzilla.suse.com/show_bug.cgi?id=1066163

https://bugzilla.suse.com/show_bug.cgi?id=1066223

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1068038

https://bugzilla.suse.com/show_bug.cgi?id=1068569

https://bugzilla.suse.com/show_bug.cgi?id=1068984

https://bugzilla.suse.com/show_bug.cgi?id=1069138

https://bugzilla.suse.com/show_bug.cgi?id=1069160

https://bugzilla.suse.com/show_bug.cgi?id=1070052

https://bugzilla.suse.com/show_bug.cgi?id=1070799

https://bugzilla.suse.com/show_bug.cgi?id=1072163

https://bugzilla.suse.com/show_bug.cgi?id=1072484

https://bugzilla.suse.com/show_bug.cgi?id=1073229

https://bugzilla.suse.com/show_bug.cgi?id=1073928

https://bugzilla.suse.com/show_bug.cgi?id=1074134

https://bugzilla.suse.com/show_bug.cgi?id=1074488

https://bugzilla.suse.com/show_bug.cgi?id=1074621

https://bugzilla.suse.com/show_bug.cgi?id=1074709

https://bugzilla.suse.com/show_bug.cgi?id=1074839

https://bugzilla.suse.com/show_bug.cgi?id=1074847

https://bugzilla.suse.com/show_bug.cgi?id=1075066

https://bugzilla.suse.com/show_bug.cgi?id=1075078

https://bugzilla.suse.com/show_bug.cgi?id=1075087

https://bugzilla.suse.com/show_bug.cgi?id=1075091

https://bugzilla.suse.com/show_bug.cgi?id=1075397

https://bugzilla.suse.com/show_bug.cgi?id=1075428

https://bugzilla.suse.com/show_bug.cgi?id=1075617

https://bugzilla.suse.com/show_bug.cgi?id=1075621

https://bugzilla.suse.com/show_bug.cgi?id=1075627

https://bugzilla.suse.com/show_bug.cgi?id=1075811

https://bugzilla.suse.com/show_bug.cgi?id=1075994

https://bugzilla.suse.com/show_bug.cgi?id=1076017

https://bugzilla.suse.com/show_bug.cgi?id=1076110

https://bugzilla.suse.com/show_bug.cgi?id=1076187

https://bugzilla.suse.com/show_bug.cgi?id=1076232

https://bugzilla.suse.com/show_bug.cgi?id=1076805

https://bugzilla.suse.com/show_bug.cgi?id=1076847

https://bugzilla.suse.com/show_bug.cgi?id=1076872

https://bugzilla.suse.com/show_bug.cgi?id=1076899

https://bugzilla.suse.com/show_bug.cgi?id=1077068

https://bugzilla.suse.com/show_bug.cgi?id=1077560

https://bugzilla.suse.com/show_bug.cgi?id=1077592

https://bugzilla.suse.com/show_bug.cgi?id=1077704

Plugin Details

Severity: Critical

ID: 106672

File Name: suse_SU-2018-0383-1.nasl

Version: 3.8

Type: local

Agent: unix

Published: 2/8/2018

Updated: 1/23/2020

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/7/2018

Vulnerability Publication Date: 12/16/2017

Exploitable With

Metasploit (Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation)

Reference Information

CVE: CVE-2017-15129, CVE-2017-17712, CVE-2017-17862, CVE-2017-17864, CVE-2017-18017, CVE-2017-5715, CVE-2018-1000004, CVE-2018-5332, CVE-2018-5333

IAVA: 2018-A-0020