Detections
Analytics
openSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre)
high Nessus Plugin ID 110658
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
The openSUSE Leap 42.3 was updated to 4.4.138 to receive various security and bugfixes.The following security bugs were fixed :
- CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1085308 bsc#1087082) This update improves the previous Spectre Variant 4 fixes and also mitigates them on the ARM architecture.
- CVE-2018-3665: The FPU state and registers of x86 CPUs were saved and restored in a lazy fashion, which opened its disclosure by speculative side channel attacks. This has been fixed by replacing the lazy save/restore by eager saving and restoring (bnc#1087086)
- CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow (bnc#1097356).
- CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036).
- CVE-2017-18241: fs/f2fs/segment.c kernel allowed local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400).
- CVE-2017-17741: The KVM implementation allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311 1091815).
- CVE-2017-13305: A information disclosure vulnerability in the encrypted-keys. (bnc#1094353).
- CVE-2018-1093: The ext4_valid_block_bitmap function in fs/ext4/balloc.c allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bnc#1087095).
- CVE-2018-1094: The ext4_fill_super function in fs/ext4/super.c did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bnc#1087007 1092903).
- CVE-2018-1092: The ext4_iget function in fs/ext4/inode.c mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bnc#1087012).
- CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c, a memory corruption bug in JFS could be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. (bsc#1097234)
Solution
Update the affected the Linux Kernel packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=1012382
https://bugzilla.opensuse.org/show_bug.cgi?id=1019695
https://bugzilla.opensuse.org/show_bug.cgi?id=1019699
https://bugzilla.opensuse.org/show_bug.cgi?id=1022604
https://bugzilla.opensuse.org/show_bug.cgi?id=1022607
https://bugzilla.opensuse.org/show_bug.cgi?id=1022743
https://bugzilla.opensuse.org/show_bug.cgi?id=1024718
https://bugzilla.opensuse.org/show_bug.cgi?id=1031492
https://bugzilla.opensuse.org/show_bug.cgi?id=1031717
https://bugzilla.opensuse.org/show_bug.cgi?id=1035432
https://bugzilla.opensuse.org/show_bug.cgi?id=1036215
https://bugzilla.opensuse.org/show_bug.cgi?id=1041740
https://bugzilla.opensuse.org/show_bug.cgi?id=1045330
https://bugzilla.opensuse.org/show_bug.cgi?id=1056415
https://bugzilla.opensuse.org/show_bug.cgi?id=1066223
https://bugzilla.opensuse.org/show_bug.cgi?id=1068032
https://bugzilla.opensuse.org/show_bug.cgi?id=1068054
https://bugzilla.opensuse.org/show_bug.cgi?id=1068951
https://bugzilla.opensuse.org/show_bug.cgi?id=1070404
https://bugzilla.opensuse.org/show_bug.cgi?id=1073311
https://bugzilla.opensuse.org/show_bug.cgi?id=1075428
https://bugzilla.opensuse.org/show_bug.cgi?id=1076049
https://bugzilla.opensuse.org/show_bug.cgi?id=1078583
https://bugzilla.opensuse.org/show_bug.cgi?id=1079152
https://bugzilla.opensuse.org/show_bug.cgi?id=1080542
https://bugzilla.opensuse.org/show_bug.cgi?id=1080656
https://bugzilla.opensuse.org/show_bug.cgi?id=1081500
https://bugzilla.opensuse.org/show_bug.cgi?id=1081514
https://bugzilla.opensuse.org/show_bug.cgi?id=1082153
https://bugzilla.opensuse.org/show_bug.cgi?id=1082504
https://bugzilla.opensuse.org/show_bug.cgi?id=1082979
https://bugzilla.opensuse.org/show_bug.cgi?id=1085308
https://bugzilla.opensuse.org/show_bug.cgi?id=1086400
https://bugzilla.opensuse.org/show_bug.cgi?id=1086716
https://bugzilla.opensuse.org/show_bug.cgi?id=1087007
https://bugzilla.opensuse.org/show_bug.cgi?id=1087012
https://bugzilla.opensuse.org/show_bug.cgi?id=1087036
https://bugzilla.opensuse.org/show_bug.cgi?id=1087082
https://bugzilla.opensuse.org/show_bug.cgi?id=1087086
https://bugzilla.opensuse.org/show_bug.cgi?id=1087095
https://bugzilla.opensuse.org/show_bug.cgi?id=1088871
https://bugzilla.opensuse.org/show_bug.cgi?id=1090435
https://bugzilla.opensuse.org/show_bug.cgi?id=1090534
https://bugzilla.opensuse.org/show_bug.cgi?id=1090734
https://bugzilla.opensuse.org/show_bug.cgi?id=1090955
https://bugzilla.opensuse.org/show_bug.cgi?id=1091594
https://bugzilla.opensuse.org/show_bug.cgi?id=1091815
https://bugzilla.opensuse.org/show_bug.cgi?id=1092552
https://bugzilla.opensuse.org/show_bug.cgi?id=1092813
https://bugzilla.opensuse.org/show_bug.cgi?id=1092903
https://bugzilla.opensuse.org/show_bug.cgi?id=1093533
https://bugzilla.opensuse.org/show_bug.cgi?id=1093904
https://bugzilla.opensuse.org/show_bug.cgi?id=1094177
https://bugzilla.opensuse.org/show_bug.cgi?id=1094268
https://bugzilla.opensuse.org/show_bug.cgi?id=1094353
https://bugzilla.opensuse.org/show_bug.cgi?id=1094356
https://bugzilla.opensuse.org/show_bug.cgi?id=1094405
https://bugzilla.opensuse.org/show_bug.cgi?id=1094466
https://bugzilla.opensuse.org/show_bug.cgi?id=1094532
https://bugzilla.opensuse.org/show_bug.cgi?id=1094823
https://bugzilla.opensuse.org/show_bug.cgi?id=1094840
https://bugzilla.opensuse.org/show_bug.cgi?id=1095042
https://bugzilla.opensuse.org/show_bug.cgi?id=1095147
https://bugzilla.opensuse.org/show_bug.cgi?id=1096037
https://bugzilla.opensuse.org/show_bug.cgi?id=1096140
https://bugzilla.opensuse.org/show_bug.cgi?id=1096214
https://bugzilla.opensuse.org/show_bug.cgi?id=1096242
https://bugzilla.opensuse.org/show_bug.cgi?id=1096281
https://bugzilla.opensuse.org/show_bug.cgi?id=1096751
https://bugzilla.opensuse.org/show_bug.cgi?id=1096982
https://bugzilla.opensuse.org/show_bug.cgi?id=1097234
https://bugzilla.opensuse.org/show_bug.cgi?id=1097356
https://bugzilla.opensuse.org/show_bug.cgi?id=1098009
https://bugzilla.opensuse.org/show_bug.cgi?id=1098012
https://bugzilla.opensuse.org/show_bug.cgi?id=971975
Plugin Details
Severity: High
ID: 110658
File Name: openSUSE-2018-656.nasl
Version: 1.8
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/22/2018
Updated: 9/18/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2018-12233
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2018-5848
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kselftests-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kselftests-kmp-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kselftests-kmp-debug, cpe:/o:novell:opensuse:42.3, p-cpe:/a:novell:opensuse:kselftests-kmp-default, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-docs-html
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/21/2018
Vulnerability Publication Date: 12/18/2017
Reference Information
CVE: CVE-2017-13305, CVE-2017-17741, CVE-2017-18241, CVE-2017-18249, CVE-2018-1092, CVE-2018-1093, CVE-2018-1094, CVE-2018-12233, CVE-2018-3639, CVE-2018-3665, CVE-2018-5848