SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2092-1) (Spectre)

high Nessus Plugin ID 120067

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new feature was added:

- NVDIMM memory error notification (ACPI 6.2)

The following security bugs were fixed:

- CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have resulted in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1100418)

- CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a large relative timeout because ktime_add_safe was not used (bnc#1099924)

- CVE-2018-9385: Prevent overread of the 'driver_override' buffer (bsc#1100491)

- CVE-2018-13405: The inode_init_owner function allowed local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID (bnc#1100416)

- CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bsc#1068032)

- CVE-2018-1118: Linux kernel vhost did not properly initialize memory in messages passed between virtual guests and the host operating system. This could have allowed local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file (bsc#1092472)

- CVE-2018-12233: A memory corruption bug in JFS could have been triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability could be triggered by an unprivileged user with the ability to create files and execute programs (bsc#1097234)

- CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)

- CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728)

- CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082)

- CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker could have caused utilities from psutils or procps (such as ps, w) to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks) (bsc#1093158)

- CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007)

- CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012)

- CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bsc#1087095)

- CVE-2018-1000200: Prevent NULL pointer dereference which could have resulted in an out of memory (OOM) killing of large mlocked processes (bsc#1090150)

- CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904)

- CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when handling SCTP packet lengths that could have been exploited to cause a kernel crash (bnc#1083900)

- CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962)

- CVE-2018-8781: The udl_fb_mmap function had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in code execution in kernel space (bsc#1090643)

- CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752)

- CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608)

- CVE-2017-5715: Prevent unauthorized disclosure of information to an attacker with local user access caused by speculative execution and indirect branch prediction (bsc#1068032)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively, you can run the command listed for your product:

SUSE Linux Enterprise Workstation Extension 15: zypper in -t patch SUSE-SLE-Product-WE-15-2018-1420=1

SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2018-1420=1

SUSE Linux Enterprise Module for Legacy Software 15: zypper in -t patch SUSE-SLE-Module-Legacy-15-2018-1420=1

SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-1420=1

SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1420=1

SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2018-1420=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1046303

https://bugzilla.suse.com/show_bug.cgi?id=1046305

https://bugzilla.suse.com/show_bug.cgi?id=1046306

https://bugzilla.suse.com/show_bug.cgi?id=1046307

https://bugzilla.suse.com/show_bug.cgi?id=1046540

https://bugzilla.suse.com/show_bug.cgi?id=1046542

https://bugzilla.suse.com/show_bug.cgi?id=1046543

https://bugzilla.suse.com/show_bug.cgi?id=1048129

https://bugzilla.suse.com/show_bug.cgi?id=1050242

https://bugzilla.suse.com/show_bug.cgi?id=1050252

https://bugzilla.suse.com/show_bug.cgi?id=1050529

https://bugzilla.suse.com/show_bug.cgi?id=1050536

https://bugzilla.suse.com/show_bug.cgi?id=1050538

https://bugzilla.suse.com/show_bug.cgi?id=1050545

https://bugzilla.suse.com/show_bug.cgi?id=1050549

https://bugzilla.suse.com/show_bug.cgi?id=1050662

https://bugzilla.suse.com/show_bug.cgi?id=1051510

https://bugzilla.suse.com/show_bug.cgi?id=1052766

https://bugzilla.suse.com/show_bug.cgi?id=1055968

https://bugzilla.suse.com/show_bug.cgi?id=1056427

https://bugzilla.suse.com/show_bug.cgi?id=1056643

https://bugzilla.suse.com/show_bug.cgi?id=1056651

https://bugzilla.suse.com/show_bug.cgi?id=1056653

https://bugzilla.suse.com/show_bug.cgi?id=1056657

https://bugzilla.suse.com/show_bug.cgi?id=1056658

https://bugzilla.suse.com/show_bug.cgi?id=1056662

https://bugzilla.suse.com/show_bug.cgi?id=1056686

https://bugzilla.suse.com/show_bug.cgi?id=1056787

https://bugzilla.suse.com/show_bug.cgi?id=1058115

https://bugzilla.suse.com/show_bug.cgi?id=1058513

https://bugzilla.suse.com/show_bug.cgi?id=1058659

https://bugzilla.suse.com/show_bug.cgi?id=1058717

https://bugzilla.suse.com/show_bug.cgi?id=1060463

https://bugzilla.suse.com/show_bug.cgi?id=1061024

https://bugzilla.suse.com/show_bug.cgi?id=1061840

https://bugzilla.suse.com/show_bug.cgi?id=1062897

https://bugzilla.suse.com/show_bug.cgi?id=1064802

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1066110

https://bugzilla.suse.com/show_bug.cgi?id=1066129

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1068054

https://bugzilla.suse.com/show_bug.cgi?id=1071218

https://bugzilla.suse.com/show_bug.cgi?id=1071995

https://bugzilla.suse.com/show_bug.cgi?id=1072829

https://bugzilla.suse.com/show_bug.cgi?id=1072856

https://bugzilla.suse.com/show_bug.cgi?id=1073513

https://bugzilla.suse.com/show_bug.cgi?id=1073765

https://bugzilla.suse.com/show_bug.cgi?id=1097356

https://bugzilla.suse.com/show_bug.cgi?id=1097373

https://bugzilla.suse.com/show_bug.cgi?id=1097439

https://bugzilla.suse.com/show_bug.cgi?id=1097465

https://bugzilla.suse.com/show_bug.cgi?id=1097468

https://bugzilla.suse.com/show_bug.cgi?id=1097470

https://bugzilla.suse.com/show_bug.cgi?id=1097471

https://bugzilla.suse.com/show_bug.cgi?id=1073960

https://bugzilla.suse.com/show_bug.cgi?id=1074562

https://bugzilla.suse.com/show_bug.cgi?id=1074578

https://bugzilla.suse.com/show_bug.cgi?id=1074701

https://bugzilla.suse.com/show_bug.cgi?id=1074741

https://bugzilla.suse.com/show_bug.cgi?id=1074873

https://bugzilla.suse.com/show_bug.cgi?id=1097472

https://bugzilla.suse.com/show_bug.cgi?id=1097551

https://bugzilla.suse.com/show_bug.cgi?id=1097780

https://bugzilla.suse.com/show_bug.cgi?id=1097796

https://bugzilla.suse.com/show_bug.cgi?id=1097800

https://bugzilla.suse.com/show_bug.cgi?id=1097941

https://bugzilla.suse.com/show_bug.cgi?id=1097961

https://bugzilla.suse.com/show_bug.cgi?id=1098016

https://bugzilla.suse.com/show_bug.cgi?id=1098043

https://bugzilla.suse.com/show_bug.cgi?id=1098050

https://bugzilla.suse.com/show_bug.cgi?id=1098174

https://bugzilla.suse.com/show_bug.cgi?id=1098176

https://bugzilla.suse.com/show_bug.cgi?id=1098236

https://bugzilla.suse.com/show_bug.cgi?id=1098401

https://bugzilla.suse.com/show_bug.cgi?id=1098425

https://bugzilla.suse.com/show_bug.cgi?id=1098435

https://bugzilla.suse.com/show_bug.cgi?id=1098599

https://bugzilla.suse.com/show_bug.cgi?id=1098626

https://bugzilla.suse.com/show_bug.cgi?id=1098706

https://bugzilla.suse.com/show_bug.cgi?id=1098983

https://bugzilla.suse.com/show_bug.cgi?id=1098995

https://bugzilla.suse.com/show_bug.cgi?id=1099029

https://bugzilla.suse.com/show_bug.cgi?id=1099041

https://bugzilla.suse.com/show_bug.cgi?id=1099109

https://bugzilla.suse.com/show_bug.cgi?id=1099142

https://bugzilla.suse.com/show_bug.cgi?id=1099183

https://bugzilla.suse.com/show_bug.cgi?id=1099715

https://bugzilla.suse.com/show_bug.cgi?id=1099792

https://bugzilla.suse.com/show_bug.cgi?id=1099918

https://bugzilla.suse.com/show_bug.cgi?id=1099924

https://bugzilla.suse.com/show_bug.cgi?id=1099966

https://bugzilla.suse.com/show_bug.cgi?id=1100132

https://bugzilla.suse.com/show_bug.cgi?id=1100209

https://bugzilla.suse.com/show_bug.cgi?id=1100340

https://bugzilla.suse.com/show_bug.cgi?id=1100362

https://bugzilla.suse.com/show_bug.cgi?id=1100382

https://bugzilla.suse.com/show_bug.cgi?id=1100394

https://bugzilla.suse.com/show_bug.cgi?id=1100416

https://bugzilla.suse.com/show_bug.cgi?id=1100418

https://bugzilla.suse.com/show_bug.cgi?id=1100491

https://bugzilla.suse.com/show_bug.cgi?id=1100602

https://bugzilla.suse.com/show_bug.cgi?id=1100633

https://bugzilla.suse.com/show_bug.cgi?id=1100843

https://bugzilla.suse.com/show_bug.cgi?id=1101296

https://bugzilla.suse.com/show_bug.cgi?id=1101315

https://bugzilla.suse.com/show_bug.cgi?id=1101324

https://bugzilla.suse.com/show_bug.cgi?id=971975

https://bugzilla.suse.com/show_bug.cgi?id=975772

https://www.suse.com/security/cve/CVE-2017-5715/

https://www.suse.com/security/cve/CVE-2017-5753/

https://www.suse.com/security/cve/CVE-2018-1000200/

https://www.suse.com/security/cve/CVE-2018-1000204/

https://www.suse.com/security/cve/CVE-2018-10087/

https://www.suse.com/security/cve/CVE-2018-10124/

https://www.suse.com/security/cve/CVE-2018-1092/

https://www.suse.com/security/cve/CVE-2018-1093/

https://www.suse.com/security/cve/CVE-2018-1094/

https://www.suse.com/security/cve/CVE-2018-1118/

https://www.suse.com/security/cve/CVE-2018-1120/

https://www.suse.com/security/cve/CVE-2018-1130/

https://www.suse.com/security/cve/CVE-2018-12233/

https://www.suse.com/security/cve/CVE-2018-13053/

https://www.suse.com/security/cve/CVE-2018-13405/

https://www.suse.com/security/cve/CVE-2018-13406/

https://www.suse.com/security/cve/CVE-2018-3639/

https://www.suse.com/security/cve/CVE-2018-5803/

https://www.suse.com/security/cve/CVE-2018-5848/

https://www.suse.com/security/cve/CVE-2018-7492/

https://www.suse.com/security/cve/CVE-2018-8781/

https://www.suse.com/security/cve/CVE-2018-9385/

http://www.nessus.org/u?719931e5

https://bugzilla.suse.com/show_bug.cgi?id=1074919

https://bugzilla.suse.com/show_bug.cgi?id=1075006

https://bugzilla.suse.com/show_bug.cgi?id=1075007

https://bugzilla.suse.com/show_bug.cgi?id=1075262

https://bugzilla.suse.com/show_bug.cgi?id=1075419

https://bugzilla.suse.com/show_bug.cgi?id=1075748

https://bugzilla.suse.com/show_bug.cgi?id=1075876

https://bugzilla.suse.com/show_bug.cgi?id=1076049

https://bugzilla.suse.com/show_bug.cgi?id=1076115

https://bugzilla.suse.com/show_bug.cgi?id=1076372

https://bugzilla.suse.com/show_bug.cgi?id=1076830

https://bugzilla.suse.com/show_bug.cgi?id=1077338

https://bugzilla.suse.com/show_bug.cgi?id=1078248

https://bugzilla.suse.com/show_bug.cgi?id=1078353

https://bugzilla.suse.com/show_bug.cgi?id=1079152

https://bugzilla.suse.com/show_bug.cgi?id=1079747

https://bugzilla.suse.com/show_bug.cgi?id=1080039

https://bugzilla.suse.com/show_bug.cgi?id=1080542

https://bugzilla.suse.com/show_bug.cgi?id=1081599

https://bugzilla.suse.com/show_bug.cgi?id=1082485

https://bugzilla.suse.com/show_bug.cgi?id=1082504

https://bugzilla.suse.com/show_bug.cgi?id=1082869

https://bugzilla.suse.com/show_bug.cgi?id=1082962

https://bugzilla.suse.com/show_bug.cgi?id=1083647

https://bugzilla.suse.com/show_bug.cgi?id=1083900

https://bugzilla.suse.com/show_bug.cgi?id=1084001

https://bugzilla.suse.com/show_bug.cgi?id=1084570

https://bugzilla.suse.com/show_bug.cgi?id=1085308

https://bugzilla.suse.com/show_bug.cgi?id=1085539

https://bugzilla.suse.com/show_bug.cgi?id=1085626

https://bugzilla.suse.com/show_bug.cgi?id=1085933

https://bugzilla.suse.com/show_bug.cgi?id=1085936

https://bugzilla.suse.com/show_bug.cgi?id=1085937

https://bugzilla.suse.com/show_bug.cgi?id=1085938

https://bugzilla.suse.com/show_bug.cgi?id=1085939

https://bugzilla.suse.com/show_bug.cgi?id=1085941

https://bugzilla.suse.com/show_bug.cgi?id=1086282

https://bugzilla.suse.com/show_bug.cgi?id=1086283

https://bugzilla.suse.com/show_bug.cgi?id=1086286

https://bugzilla.suse.com/show_bug.cgi?id=1086288

https://bugzilla.suse.com/show_bug.cgi?id=1086319

https://bugzilla.suse.com/show_bug.cgi?id=1086323

https://bugzilla.suse.com/show_bug.cgi?id=1086400

https://bugzilla.suse.com/show_bug.cgi?id=1086652

https://bugzilla.suse.com/show_bug.cgi?id=1086739

https://bugzilla.suse.com/show_bug.cgi?id=1087078

https://bugzilla.suse.com/show_bug.cgi?id=1087082

https://bugzilla.suse.com/show_bug.cgi?id=1087084

https://bugzilla.suse.com/show_bug.cgi?id=1087092

https://bugzilla.suse.com/show_bug.cgi?id=1087205

https://bugzilla.suse.com/show_bug.cgi?id=1087210

https://bugzilla.suse.com/show_bug.cgi?id=1087213

https://bugzilla.suse.com/show_bug.cgi?id=1087214

https://bugzilla.suse.com/show_bug.cgi?id=1087284

https://bugzilla.suse.com/show_bug.cgi?id=1087405

https://bugzilla.suse.com/show_bug.cgi?id=1087458

https://bugzilla.suse.com/show_bug.cgi?id=1087939

https://bugzilla.suse.com/show_bug.cgi?id=1087978

https://bugzilla.suse.com/show_bug.cgi?id=1088354

https://bugzilla.suse.com/show_bug.cgi?id=1088690

https://bugzilla.suse.com/show_bug.cgi?id=1088704

https://bugzilla.suse.com/show_bug.cgi?id=1088722

https://bugzilla.suse.com/show_bug.cgi?id=1088796

https://bugzilla.suse.com/show_bug.cgi?id=1088804

https://bugzilla.suse.com/show_bug.cgi?id=1088821

https://bugzilla.suse.com/show_bug.cgi?id=1088866

https://bugzilla.suse.com/show_bug.cgi?id=1089115

https://bugzilla.suse.com/show_bug.cgi?id=1089268

https://bugzilla.suse.com/show_bug.cgi?id=1089467

https://bugzilla.suse.com/show_bug.cgi?id=1089608

https://bugzilla.suse.com/show_bug.cgi?id=1089663

https://bugzilla.suse.com/show_bug.cgi?id=1089664

https://bugzilla.suse.com/show_bug.cgi?id=1089667

https://bugzilla.suse.com/show_bug.cgi?id=1089669

https://bugzilla.suse.com/show_bug.cgi?id=1089752

https://bugzilla.suse.com/show_bug.cgi?id=1089753

https://bugzilla.suse.com/show_bug.cgi?id=1089878

https://bugzilla.suse.com/show_bug.cgi?id=1090150

https://bugzilla.suse.com/show_bug.cgi?id=1090457

https://bugzilla.suse.com/show_bug.cgi?id=1090605

https://bugzilla.suse.com/show_bug.cgi?id=1090643

https://bugzilla.suse.com/show_bug.cgi?id=1090646

https://bugzilla.suse.com/show_bug.cgi?id=1090658

https://bugzilla.suse.com/show_bug.cgi?id=1090734

https://bugzilla.suse.com/show_bug.cgi?id=1090888

https://bugzilla.suse.com/show_bug.cgi?id=1090953

https://bugzilla.suse.com/show_bug.cgi?id=1091158

https://bugzilla.suse.com/show_bug.cgi?id=1091171

https://bugzilla.suse.com/show_bug.cgi?id=1091424

https://bugzilla.suse.com/show_bug.cgi?id=1091594

https://bugzilla.suse.com/show_bug.cgi?id=1091666

https://bugzilla.suse.com/show_bug.cgi?id=1091678

https://bugzilla.suse.com/show_bug.cgi?id=1091686

https://bugzilla.suse.com/show_bug.cgi?id=1091781

https://bugzilla.suse.com/show_bug.cgi?id=1091782

https://bugzilla.suse.com/show_bug.cgi?id=1091815

https://bugzilla.suse.com/show_bug.cgi?id=1091860

https://bugzilla.suse.com/show_bug.cgi?id=1091960

https://bugzilla.suse.com/show_bug.cgi?id=1092100

https://bugzilla.suse.com/show_bug.cgi?id=1092472

https://bugzilla.suse.com/show_bug.cgi?id=1092710

https://bugzilla.suse.com/show_bug.cgi?id=1092772

https://bugzilla.suse.com/show_bug.cgi?id=1092888

https://bugzilla.suse.com/show_bug.cgi?id=1092904

https://bugzilla.suse.com/show_bug.cgi?id=1092975

https://bugzilla.suse.com/show_bug.cgi?id=1093023

https://bugzilla.suse.com/show_bug.cgi?id=1093027

https://bugzilla.suse.com/show_bug.cgi?id=1093035

https://bugzilla.suse.com/show_bug.cgi?id=1093118

https://bugzilla.suse.com/show_bug.cgi?id=1093148

https://bugzilla.suse.com/show_bug.cgi?id=1093158

https://bugzilla.suse.com/show_bug.cgi?id=1093184

https://bugzilla.suse.com/show_bug.cgi?id=1093205

https://bugzilla.suse.com/show_bug.cgi?id=1093273

https://bugzilla.suse.com/show_bug.cgi?id=1093290

https://bugzilla.suse.com/show_bug.cgi?id=1093604

https://bugzilla.suse.com/show_bug.cgi?id=1093641

https://bugzilla.suse.com/show_bug.cgi?id=1093649

https://bugzilla.suse.com/show_bug.cgi?id=1093653

https://bugzilla.suse.com/show_bug.cgi?id=1093655

https://bugzilla.suse.com/show_bug.cgi?id=1093657

https://bugzilla.suse.com/show_bug.cgi?id=1093663

https://bugzilla.suse.com/show_bug.cgi?id=1093721

https://bugzilla.suse.com/show_bug.cgi?id=1093728

https://bugzilla.suse.com/show_bug.cgi?id=1093904

https://bugzilla.suse.com/show_bug.cgi?id=1093990

https://bugzilla.suse.com/show_bug.cgi?id=1094244

https://bugzilla.suse.com/show_bug.cgi?id=1094356

https://bugzilla.suse.com/show_bug.cgi?id=1094420

https://bugzilla.suse.com/show_bug.cgi?id=1094541

https://bugzilla.suse.com/show_bug.cgi?id=1094575

https://bugzilla.suse.com/show_bug.cgi?id=1094751

https://bugzilla.suse.com/show_bug.cgi?id=1094825

https://bugzilla.suse.com/show_bug.cgi?id=1094840

https://bugzilla.suse.com/show_bug.cgi?id=1094912

https://bugzilla.suse.com/show_bug.cgi?id=1094978

https://bugzilla.suse.com/show_bug.cgi?id=1095042

https://bugzilla.suse.com/show_bug.cgi?id=1095094

https://bugzilla.suse.com/show_bug.cgi?id=1095115

https://bugzilla.suse.com/show_bug.cgi?id=1095155

https://bugzilla.suse.com/show_bug.cgi?id=1095265

https://bugzilla.suse.com/show_bug.cgi?id=1095321

https://bugzilla.suse.com/show_bug.cgi?id=1095337

https://bugzilla.suse.com/show_bug.cgi?id=1095467

https://bugzilla.suse.com/show_bug.cgi?id=1095573

https://bugzilla.suse.com/show_bug.cgi?id=1095735

https://bugzilla.suse.com/show_bug.cgi?id=1095893

https://bugzilla.suse.com/show_bug.cgi?id=1096065

https://bugzilla.suse.com/show_bug.cgi?id=1096480

https://bugzilla.suse.com/show_bug.cgi?id=1096529

https://bugzilla.suse.com/show_bug.cgi?id=1096696

https://bugzilla.suse.com/show_bug.cgi?id=1096705

https://bugzilla.suse.com/show_bug.cgi?id=1096728

https://bugzilla.suse.com/show_bug.cgi?id=1096753

https://bugzilla.suse.com/show_bug.cgi?id=1096790

https://bugzilla.suse.com/show_bug.cgi?id=1096793

https://bugzilla.suse.com/show_bug.cgi?id=1097034

https://bugzilla.suse.com/show_bug.cgi?id=1097105

https://bugzilla.suse.com/show_bug.cgi?id=1097234

Plugin Details

Severity: High

ID: 120067

File Name: suse_SU-2018-2092-1.nasl

Version: 1.7

Type: local

Agent: unix

Published: 1/2/2019

Updated: 7/11/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-8781

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2018-9385

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource, p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource, p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-base, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/27/2018

Vulnerability Publication Date: 1/4/2018

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2017-5715, CVE-2017-5753, CVE-2018-1000200, CVE-2018-1000204, CVE-2018-10087, CVE-2018-10124, CVE-2018-1092, CVE-2018-1093, CVE-2018-1094, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-12233, CVE-2018-13053, CVE-2018-13405, CVE-2018-13406, CVE-2018-3639, CVE-2018-5803, CVE-2018-5848, CVE-2018-7492, CVE-2018-8781, CVE-2018-9385