SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1854-1)

critical Nessus Plugin ID 126743


Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

CVE-2019-10638: In the Linux kernel, a device could be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses (bnc#1140575 1140577).

CVE-2019-10639: The Linux kernel allowed Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable because IP ID generation was changed to have a dependency on an address associated with a network namespace (bnc#1140577).

CVE-2019-13233: In arch/x86/lib/insn-eval.c in the Linux kernel, there was a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bnc#1140454).

CVE-2018-20836: An issue was discovered in the Linux kernel. There was a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free (bnc#1134395).

CVE-2019-10126: A flaw was found in the Linux kernel. A heap-based buffer overflow in the mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might have led to memory corruption and possibly other consequences (bnc#1136935).

CVE-2019-11599: The coredump implementation in the Linux kernel did not use locking or other mechanisms to prevent vma layout or vma flags changes while it ran, which allowed local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c (bnc#1131645 1133738).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively, you can run the command listed for your product:

SUSE Linux Enterprise Workstation Extension 15-SP1: zypper in -t patch SUSE-SLE-Product-WE-15-SP1-2019-1854=1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1854=1

SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-1854=1

SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-1854=1

SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-1854=1

SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-1854=1

SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2019-1854=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1051510

https://bugzilla.suse.com/show_bug.cgi?id=1071995

https://bugzilla.suse.com/show_bug.cgi?id=1088047

https://bugzilla.suse.com/show_bug.cgi?id=1098633

https://bugzilla.suse.com/show_bug.cgi?id=1103990

https://bugzilla.suse.com/show_bug.cgi?id=1103991

https://bugzilla.suse.com/show_bug.cgi?id=1103992

https://bugzilla.suse.com/show_bug.cgi?id=1106383

https://bugzilla.suse.com/show_bug.cgi?id=1109837

https://bugzilla.suse.com/show_bug.cgi?id=1111666

https://bugzilla.suse.com/show_bug.cgi?id=1112374

https://bugzilla.suse.com/show_bug.cgi?id=1114685

https://bugzilla.suse.com/show_bug.cgi?id=1135556

https://bugzilla.suse.com/show_bug.cgi?id=1135642

https://bugzilla.suse.com/show_bug.cgi?id=1135897

https://bugzilla.suse.com/show_bug.cgi?id=1136161

https://bugzilla.suse.com/show_bug.cgi?id=1136264

https://bugzilla.suse.com/show_bug.cgi?id=1136343

https://bugzilla.suse.com/show_bug.cgi?id=1136935

https://bugzilla.suse.com/show_bug.cgi?id=1137625

https://bugzilla.suse.com/show_bug.cgi?id=1137728

https://bugzilla.suse.com/show_bug.cgi?id=1138879

https://bugzilla.suse.com/show_bug.cgi?id=1139712

https://bugzilla.suse.com/show_bug.cgi?id=1139751

https://bugzilla.suse.com/show_bug.cgi?id=1139771

https://bugzilla.suse.com/show_bug.cgi?id=1139865

https://bugzilla.suse.com/show_bug.cgi?id=1140133

https://bugzilla.suse.com/show_bug.cgi?id=1140228

https://bugzilla.suse.com/show_bug.cgi?id=1140328

https://bugzilla.suse.com/show_bug.cgi?id=1140405

https://bugzilla.suse.com/show_bug.cgi?id=1140424

https://bugzilla.suse.com/show_bug.cgi?id=1140428

https://bugzilla.suse.com/show_bug.cgi?id=1140454

https://bugzilla.suse.com/show_bug.cgi?id=1140463

https://bugzilla.suse.com/show_bug.cgi?id=1140575

https://bugzilla.suse.com/show_bug.cgi?id=1140577

https://bugzilla.suse.com/show_bug.cgi?id=1140637

https://bugzilla.suse.com/show_bug.cgi?id=1140658

https://bugzilla.suse.com/show_bug.cgi?id=1140715

https://bugzilla.suse.com/show_bug.cgi?id=1140719

https://bugzilla.suse.com/show_bug.cgi?id=1140726

https://bugzilla.suse.com/show_bug.cgi?id=1140727

https://bugzilla.suse.com/show_bug.cgi?id=1140728

https://bugzilla.suse.com/show_bug.cgi?id=1140814

https://bugzilla.suse.com/show_bug.cgi?id=1140887

https://bugzilla.suse.com/show_bug.cgi?id=1140888

https://bugzilla.suse.com/show_bug.cgi?id=1140889

https://bugzilla.suse.com/show_bug.cgi?id=1140891

https://bugzilla.suse.com/show_bug.cgi?id=1140893

https://bugzilla.suse.com/show_bug.cgi?id=1140948

https://bugzilla.suse.com/show_bug.cgi?id=1140954

https://bugzilla.suse.com/show_bug.cgi?id=1140955

https://bugzilla.suse.com/show_bug.cgi?id=1140956

https://bugzilla.suse.com/show_bug.cgi?id=1140957

https://bugzilla.suse.com/show_bug.cgi?id=1140958

https://bugzilla.suse.com/show_bug.cgi?id=1140959

https://bugzilla.suse.com/show_bug.cgi?id=1140960

https://bugzilla.suse.com/show_bug.cgi?id=1140961

https://bugzilla.suse.com/show_bug.cgi?id=1140962

https://bugzilla.suse.com/show_bug.cgi?id=1140964

https://bugzilla.suse.com/show_bug.cgi?id=1140971

https://bugzilla.suse.com/show_bug.cgi?id=1140972

https://bugzilla.suse.com/show_bug.cgi?id=1140992

https://www.suse.com/security/cve/CVE-2018-20836/

https://www.suse.com/security/cve/CVE-2019-10126/

https://www.suse.com/security/cve/CVE-2019-10638/

https://www.suse.com/security/cve/CVE-2019-10639/

https://www.suse.com/security/cve/CVE-2019-11599/

https://www.suse.com/security/cve/CVE-2019-13233/

http://www.nessus.org/u?7a0188d6

https://bugzilla.suse.com/show_bug.cgi?id=1119113

https://bugzilla.suse.com/show_bug.cgi?id=1119532

https://bugzilla.suse.com/show_bug.cgi?id=1120423

https://bugzilla.suse.com/show_bug.cgi?id=1125703

https://bugzilla.suse.com/show_bug.cgi?id=1128902

https://bugzilla.suse.com/show_bug.cgi?id=1130836

https://bugzilla.suse.com/show_bug.cgi?id=1131645

https://bugzilla.suse.com/show_bug.cgi?id=1132390

https://bugzilla.suse.com/show_bug.cgi?id=1133401

https://bugzilla.suse.com/show_bug.cgi?id=1133738

https://bugzilla.suse.com/show_bug.cgi?id=1134303

https://bugzilla.suse.com/show_bug.cgi?id=1134395

Plugin Details

Severity: Critical

ID: 126743

File Name: suse_SU-2019-1854-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 7/16/2019

Updated: 5/19/2022

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-20836

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2019-10126

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-debug, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-devel, p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource, p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource, p-cpe:/a:novell:suse_linux:kernel-debug-devel, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man, p-cpe:/a:novell:suse_linux:kselftests-kmp-default, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base, p-cpe:/a:novell:suse_linux:kernel-vanilla-base, p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-kvmsmall, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo, p-cpe:/a:novell:suse_linux:kernel-vanilla, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-debug-base, p-cpe:/a:novell:suse_linux:kernel-obs-qa, p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo, 
p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource, p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-debug-debugsource, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo, p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/15/2019

Vulnerability Publication Date: 4/29/2019

Reference Information

CVE: CVE-2018-20836, CVE-2019-10126, CVE-2019-10638, CVE-2019-10639, CVE-2019-11599, CVE-2019-13233