SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0555-1) (Meltdown) (Spectre)

critical Nessus Plugin ID 107055

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.

- CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).

- CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).

- CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).

- CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).

- CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. (bnc#1077355).

- CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).

- CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908).

- CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-kernel-20180207-13491=1

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-kernel-20180207-13491=1

SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch slexsp3-kernel-20180207-13491=1

SUSE Linux Enterprise Real Time Extension 11-SP4:zypper in -t patch slertesp4-kernel-20180207-13491=1

SUSE Linux Enterprise High Availability Extension 11-SP4:zypper in -t patch slehasp4-kernel-20180207-13491=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-kernel-20180207-13491=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1045538

https://bugzilla.suse.com/show_bug.cgi?id=1048585

https://bugzilla.suse.com/show_bug.cgi?id=1050431

https://bugzilla.suse.com/show_bug.cgi?id=1054305

https://bugzilla.suse.com/show_bug.cgi?id=1059174

https://bugzilla.suse.com/show_bug.cgi?id=1060279

https://bugzilla.suse.com/show_bug.cgi?id=1060682

https://bugzilla.suse.com/show_bug.cgi?id=1063544

https://bugzilla.suse.com/show_bug.cgi?id=1064861

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1068984

https://bugzilla.suse.com/show_bug.cgi?id=1069508

https://bugzilla.suse.com/show_bug.cgi?id=1070623

https://bugzilla.suse.com/show_bug.cgi?id=1070781

https://bugzilla.suse.com/show_bug.cgi?id=1073311

https://bugzilla.suse.com/show_bug.cgi?id=1074488

https://bugzilla.suse.com/show_bug.cgi?id=1074621

https://bugzilla.suse.com/show_bug.cgi?id=1074880

https://bugzilla.suse.com/show_bug.cgi?id=1075088

https://bugzilla.suse.com/show_bug.cgi?id=1075091

https://bugzilla.suse.com/show_bug.cgi?id=1075410

https://bugzilla.suse.com/show_bug.cgi?id=1075617

https://bugzilla.suse.com/show_bug.cgi?id=1075621

https://bugzilla.suse.com/show_bug.cgi?id=1075908

https://bugzilla.suse.com/show_bug.cgi?id=1075994

https://bugzilla.suse.com/show_bug.cgi?id=1076017

https://bugzilla.suse.com/show_bug.cgi?id=1076154

https://bugzilla.suse.com/show_bug.cgi?id=1076278

https://bugzilla.suse.com/show_bug.cgi?id=1076437

https://bugzilla.suse.com/show_bug.cgi?id=1076849

https://bugzilla.suse.com/show_bug.cgi?id=1077191

https://bugzilla.suse.com/show_bug.cgi?id=1077355

https://bugzilla.suse.com/show_bug.cgi?id=1077406

https://bugzilla.suse.com/show_bug.cgi?id=1077487

https://bugzilla.suse.com/show_bug.cgi?id=1077560

https://bugzilla.suse.com/show_bug.cgi?id=1077922

https://bugzilla.suse.com/show_bug.cgi?id=1078875

https://bugzilla.suse.com/show_bug.cgi?id=1079917

https://bugzilla.suse.com/show_bug.cgi?id=1080133

https://bugzilla.suse.com/show_bug.cgi?id=1080359

https://bugzilla.suse.com/show_bug.cgi?id=1080363

https://bugzilla.suse.com/show_bug.cgi?id=1080372

https://bugzilla.suse.com/show_bug.cgi?id=1080579

https://bugzilla.suse.com/show_bug.cgi?id=1080685

https://bugzilla.suse.com/show_bug.cgi?id=1080774

https://bugzilla.suse.com/show_bug.cgi?id=1081500

https://bugzilla.suse.com/show_bug.cgi?id=936530

https://bugzilla.suse.com/show_bug.cgi?id=962257

https://www.suse.com/security/cve/CVE-2015-1142857/

https://www.suse.com/security/cve/CVE-2017-13215/

https://www.suse.com/security/cve/CVE-2017-17741/

https://www.suse.com/security/cve/CVE-2017-18017/

https://www.suse.com/security/cve/CVE-2017-18079/

https://www.suse.com/security/cve/CVE-2017-5715/

https://www.suse.com/security/cve/CVE-2018-1000004/

https://www.suse.com/security/cve/CVE-2018-5332/

https://www.suse.com/security/cve/CVE-2018-5333/

http://www.nessus.org/u?be83bfc0

Plugin Details

Severity: Critical

ID: 107055

File Name: suse_SU-2018-0555-1.nasl

Version: 3.8

Type: local

Agent: unix

Published: 2/28/2018

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-trace-base, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-pae-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/27/2018

Vulnerability Publication Date: 12/18/2017

Exploitable With

Metasploit (Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation)

Reference Information

CVE: CVE-2015-1142857, CVE-2017-13215, CVE-2017-17741, CVE-2017-18017, CVE-2017-18079, CVE-2017-5715, CVE-2017-5754, CVE-2018-1000004, CVE-2018-5332, CVE-2018-5333

IAVA: 2018-A-0019, 2018-A-0020