SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2412-1)

critical Nessus Plugin ID 129154

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.

The following new features were implemented :

jsc#SLE-4875: [CML] New device IDs for CML

jsc#SLE-7294: Add cpufreq driver for Raspberry Pi

fate#322438: Integrate P9 XIVE support (on PowerVM only)

fate#322447: Add memory protection keys (MPK) support on POWER (on PowerVM only)

fate#322448, fate#321438: P9 hardware counter (performance counters) support (on PowerVM only)

fate#325306, fate#321840: Reduce memory required to boot capture kernel while using fadump

fate#326869: perf: pmu mem_load/store event support

The following security bugs were fixed: CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated.
(bsc#1146163).

CVE-2018-20976: A use after free existed, related to xfs_fs_fill_super failure. (bsc#1146285)

CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach (bsc#1149591).

CVE-2019-9456: In Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have lead to local escalation of privilege with System execution privileges needed.
(bsc#1150025 CVE-2019-9456).

CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959).

CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based buffer overflows in marvell wifi chip driver kernel, that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code. (bnc#1146516)

CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape.
(bsc#1150112).

CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user could read vector registers of other users' processes via an interrupt. (bsc#1149713)

CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read. (bsc#1146399)

CVE-2019-15098: USB driver net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146378).

CVE-2019-15099: drivers/net/wireless/ath/ath10k/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor. (bsc#1146368)

CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access. (bsc#1145920).

CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion.
(bsc#1145922).

CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory.
(bsc#1146519).

CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. (bsc#1051510 bsc#1146391).

CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. (bsc#1146550)

CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. (bsc#1135642 bsc#1146425)

CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. (bsc#1146361).

CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. (bsc#1146547).

CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.
(bsc#1051510 bsc#1146413)

CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. (bsc#1146524)

CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver.
(bsc#1146526)

CVE-2019-15221, CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.
(bsc#1146529, bsc#1146531)

CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589)

CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543).

CVE-2019-15292: There was a use-after-free in atalk_proc_exit (bsc#1146678)

CVE-2019-15538: XFS partially wedged when a chgrp failed on account of being out of disk quota. This was primarily a local DoS attack vector, but it could result as well in remote DoS if the XFS filesystem was exported for instance via NFS. (bsc#1148032, bsc#1148093)

CVE-2019-15666: There was an out-of-bounds array access in
__xfrm_policy_unlink, which would cause denial of service, because verify_newpolicy_info mishandled directory validation. (bsc#1148394).

CVE-2019-15902: A backporting error reintroduced the Spectre vulnerability that it aimed to eliminate. (bnc#1149376)

CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539)

CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free.
(bsc#1149552)

CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free.
(bsc#1149626)

CVE-2019-15921: There was a memory leak issue when idr_alloc() failed (bsc#1149602)

CVE-2019-15924: Fix a NULL pointer dereference because there was no

-ENOMEM upon an alloc_workqueue failure. (bsc#1149612).

CVE-2019-15926: Out of bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx (bsc#1149527)

CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit (bsc#1149522)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch SUSE-SLE-WE-12-SP4-2019-2412=1

SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-2412=1

SUSE Linux Enterprise Server 12-SP4:zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2412=1

SUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2019-2412=1

SUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch SUSE-SLE-HA-12-SP4-2019-2412=1

SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-2412=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1047238

https://bugzilla.suse.com/show_bug.cgi?id=1050911

https://bugzilla.suse.com/show_bug.cgi?id=1051510

https://bugzilla.suse.com/show_bug.cgi?id=1054914

https://bugzilla.suse.com/show_bug.cgi?id=1055117

https://bugzilla.suse.com/show_bug.cgi?id=1056686

https://bugzilla.suse.com/show_bug.cgi?id=1060662

https://bugzilla.suse.com/show_bug.cgi?id=1061840

https://bugzilla.suse.com/show_bug.cgi?id=1061843

https://bugzilla.suse.com/show_bug.cgi?id=1064597

https://bugzilla.suse.com/show_bug.cgi?id=1064701

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065729

https://bugzilla.suse.com/show_bug.cgi?id=1108382

https://bugzilla.suse.com/show_bug.cgi?id=1112178

https://bugzilla.suse.com/show_bug.cgi?id=1112894

https://bugzilla.suse.com/show_bug.cgi?id=1112899

https://bugzilla.suse.com/show_bug.cgi?id=1112902

https://bugzilla.suse.com/show_bug.cgi?id=1112903

https://bugzilla.suse.com/show_bug.cgi?id=1112905

https://bugzilla.suse.com/show_bug.cgi?id=1112906

https://bugzilla.suse.com/show_bug.cgi?id=1112907

https://bugzilla.suse.com/show_bug.cgi?id=1113722

https://bugzilla.suse.com/show_bug.cgi?id=1120902

https://bugzilla.suse.com/show_bug.cgi?id=1134882

https://bugzilla.suse.com/show_bug.cgi?id=1135219

https://bugzilla.suse.com/show_bug.cgi?id=1135642

https://bugzilla.suse.com/show_bug.cgi?id=1135897

https://bugzilla.suse.com/show_bug.cgi?id=1136261

https://bugzilla.suse.com/show_bug.cgi?id=1137069

https://bugzilla.suse.com/show_bug.cgi?id=1137884

https://bugzilla.suse.com/show_bug.cgi?id=1138539

https://bugzilla.suse.com/show_bug.cgi?id=1139020

https://bugzilla.suse.com/show_bug.cgi?id=1139021

https://bugzilla.suse.com/show_bug.cgi?id=1142117

https://bugzilla.suse.com/show_bug.cgi?id=1142118

https://bugzilla.suse.com/show_bug.cgi?id=1142119

https://bugzilla.suse.com/show_bug.cgi?id=1142496

https://bugzilla.suse.com/show_bug.cgi?id=1142541

https://bugzilla.suse.com/show_bug.cgi?id=1142635

https://bugzilla.suse.com/show_bug.cgi?id=1142685

https://bugzilla.suse.com/show_bug.cgi?id=1142701

https://bugzilla.suse.com/show_bug.cgi?id=1144813

https://bugzilla.suse.com/show_bug.cgi?id=1144880

https://bugzilla.suse.com/show_bug.cgi?id=1144886

https://bugzilla.suse.com/show_bug.cgi?id=1144912

https://bugzilla.suse.com/show_bug.cgi?id=1144920

https://bugzilla.suse.com/show_bug.cgi?id=1144979

https://bugzilla.suse.com/show_bug.cgi?id=1145010

https://bugzilla.suse.com/show_bug.cgi?id=1145024

https://bugzilla.suse.com/show_bug.cgi?id=1145051

https://bugzilla.suse.com/show_bug.cgi?id=1145300

https://bugzilla.suse.com/show_bug.cgi?id=1145302

https://bugzilla.suse.com/show_bug.cgi?id=1145388

https://bugzilla.suse.com/show_bug.cgi?id=1145389

https://bugzilla.suse.com/show_bug.cgi?id=1145390

https://bugzilla.suse.com/show_bug.cgi?id=1145391

https://bugzilla.suse.com/show_bug.cgi?id=1145922

https://bugzilla.suse.com/show_bug.cgi?id=1145934

https://bugzilla.suse.com/show_bug.cgi?id=1145937

https://bugzilla.suse.com/show_bug.cgi?id=1145940

https://bugzilla.suse.com/show_bug.cgi?id=1145941

https://bugzilla.suse.com/show_bug.cgi?id=1145942

https://bugzilla.suse.com/show_bug.cgi?id=1146074

https://bugzilla.suse.com/show_bug.cgi?id=1146084

https://bugzilla.suse.com/show_bug.cgi?id=1146163

https://bugzilla.suse.com/show_bug.cgi?id=1146285

https://bugzilla.suse.com/show_bug.cgi?id=1146346

https://bugzilla.suse.com/show_bug.cgi?id=1146351

https://bugzilla.suse.com/show_bug.cgi?id=1146352

https://bugzilla.suse.com/show_bug.cgi?id=1146361

https://bugzilla.suse.com/show_bug.cgi?id=1146368

https://bugzilla.suse.com/show_bug.cgi?id=1148133

https://bugzilla.suse.com/show_bug.cgi?id=1148192

https://bugzilla.suse.com/show_bug.cgi?id=1148196

https://bugzilla.suse.com/show_bug.cgi?id=1148198

https://bugzilla.suse.com/show_bug.cgi?id=1148202

https://bugzilla.suse.com/show_bug.cgi?id=1148303

https://bugzilla.suse.com/show_bug.cgi?id=1148363

https://bugzilla.suse.com/show_bug.cgi?id=1148379

https://bugzilla.suse.com/show_bug.cgi?id=1148394

https://bugzilla.suse.com/show_bug.cgi?id=1148527

https://bugzilla.suse.com/show_bug.cgi?id=1148574

https://bugzilla.suse.com/show_bug.cgi?id=1148616

https://bugzilla.suse.com/show_bug.cgi?id=1148617

https://bugzilla.suse.com/show_bug.cgi?id=1148619

https://bugzilla.suse.com/show_bug.cgi?id=1148698

https://bugzilla.suse.com/show_bug.cgi?id=1148859

https://bugzilla.suse.com/show_bug.cgi?id=1148868

https://bugzilla.suse.com/show_bug.cgi?id=1149053

https://bugzilla.suse.com/show_bug.cgi?id=1149083

https://bugzilla.suse.com/show_bug.cgi?id=1149104

https://bugzilla.suse.com/show_bug.cgi?id=1149105

https://bugzilla.suse.com/show_bug.cgi?id=1149106

https://bugzilla.suse.com/show_bug.cgi?id=1149197

https://bugzilla.suse.com/show_bug.cgi?id=1149214

https://bugzilla.suse.com/show_bug.cgi?id=1149224

https://bugzilla.suse.com/show_bug.cgi?id=1149325

https://bugzilla.suse.com/show_bug.cgi?id=1149376

https://bugzilla.suse.com/show_bug.cgi?id=1149413

https://bugzilla.suse.com/show_bug.cgi?id=1149418

https://bugzilla.suse.com/show_bug.cgi?id=1149424

https://bugzilla.suse.com/show_bug.cgi?id=1149522

https://bugzilla.suse.com/show_bug.cgi?id=1149527

https://bugzilla.suse.com/show_bug.cgi?id=1149539

https://bugzilla.suse.com/show_bug.cgi?id=1149552

https://bugzilla.suse.com/show_bug.cgi?id=1149591

https://bugzilla.suse.com/show_bug.cgi?id=1149602

https://bugzilla.suse.com/show_bug.cgi?id=1149612

https://bugzilla.suse.com/show_bug.cgi?id=1149626

https://bugzilla.suse.com/show_bug.cgi?id=1149652

https://bugzilla.suse.com/show_bug.cgi?id=1149713

https://bugzilla.suse.com/show_bug.cgi?id=1149940

https://bugzilla.suse.com/show_bug.cgi?id=1149959

https://bugzilla.suse.com/show_bug.cgi?id=1149963

https://bugzilla.suse.com/show_bug.cgi?id=1149976

https://bugzilla.suse.com/show_bug.cgi?id=1150025

https://bugzilla.suse.com/show_bug.cgi?id=1150033

https://bugzilla.suse.com/show_bug.cgi?id=1150112

https://bugzilla.suse.com/show_bug.cgi?id=1150562

https://bugzilla.suse.com/show_bug.cgi?id=1150727

https://bugzilla.suse.com/show_bug.cgi?id=1150860

https://bugzilla.suse.com/show_bug.cgi?id=1150861

https://bugzilla.suse.com/show_bug.cgi?id=1150933

https://www.suse.com/security/cve/CVE-2017-18551/

https://www.suse.com/security/cve/CVE-2018-20976/

https://www.suse.com/security/cve/CVE-2018-21008/

https://www.suse.com/security/cve/CVE-2019-10207/

https://www.suse.com/security/cve/CVE-2019-14814/

https://www.suse.com/security/cve/CVE-2019-14815/

https://www.suse.com/security/cve/CVE-2019-14816/

https://www.suse.com/security/cve/CVE-2019-14835/

https://www.suse.com/security/cve/CVE-2019-15030/

https://www.suse.com/security/cve/CVE-2019-15031/

https://www.suse.com/security/cve/CVE-2019-15090/

https://www.suse.com/security/cve/CVE-2019-15098/

https://www.suse.com/security/cve/CVE-2019-15099/

https://www.suse.com/security/cve/CVE-2019-15117/

https://www.suse.com/security/cve/CVE-2019-15118/

https://www.suse.com/security/cve/CVE-2019-15211/

https://www.suse.com/security/cve/CVE-2019-15212/

https://www.suse.com/security/cve/CVE-2019-15214/

https://www.suse.com/security/cve/CVE-2019-15215/

https://www.suse.com/security/cve/CVE-2019-15216/

https://www.suse.com/security/cve/CVE-2019-15217/

https://www.suse.com/security/cve/CVE-2019-15218/

https://www.suse.com/security/cve/CVE-2019-15219/

https://www.suse.com/security/cve/CVE-2019-15220/

https://www.suse.com/security/cve/CVE-2019-15221/

https://www.suse.com/security/cve/CVE-2019-15222/

https://www.suse.com/security/cve/CVE-2019-15239/

https://www.suse.com/security/cve/CVE-2019-15290/

https://www.suse.com/security/cve/CVE-2019-15292/

https://www.suse.com/security/cve/CVE-2019-15538/

https://www.suse.com/security/cve/CVE-2019-15666/

https://www.suse.com/security/cve/CVE-2019-15902/

https://www.suse.com/security/cve/CVE-2019-15917/

https://www.suse.com/security/cve/CVE-2019-15919/

https://www.suse.com/security/cve/CVE-2019-15920/

https://www.suse.com/security/cve/CVE-2019-15921/

https://www.suse.com/security/cve/CVE-2019-15924/

https://www.suse.com/security/cve/CVE-2019-15926/

https://www.suse.com/security/cve/CVE-2019-15927/

https://www.suse.com/security/cve/CVE-2019-9456/

http://www.nessus.org/u?886ea889

https://bugzilla.suse.com/show_bug.cgi?id=1066369

https://bugzilla.suse.com/show_bug.cgi?id=1071009

https://bugzilla.suse.com/show_bug.cgi?id=1071306

https://bugzilla.suse.com/show_bug.cgi?id=1078248

https://bugzilla.suse.com/show_bug.cgi?id=1082555

https://bugzilla.suse.com/show_bug.cgi?id=1085030

https://bugzilla.suse.com/show_bug.cgi?id=1085536

https://bugzilla.suse.com/show_bug.cgi?id=1085539

https://bugzilla.suse.com/show_bug.cgi?id=1086103

https://bugzilla.suse.com/show_bug.cgi?id=1087092

https://bugzilla.suse.com/show_bug.cgi?id=1090734

https://bugzilla.suse.com/show_bug.cgi?id=1091171

https://bugzilla.suse.com/show_bug.cgi?id=1093205

https://bugzilla.suse.com/show_bug.cgi?id=1102097

https://bugzilla.suse.com/show_bug.cgi?id=1104902

https://bugzilla.suse.com/show_bug.cgi?id=1106061

https://bugzilla.suse.com/show_bug.cgi?id=1106284

https://bugzilla.suse.com/show_bug.cgi?id=1106434

https://bugzilla.suse.com/show_bug.cgi?id=1114279

https://bugzilla.suse.com/show_bug.cgi?id=1114542

https://bugzilla.suse.com/show_bug.cgi?id=1118689

https://bugzilla.suse.com/show_bug.cgi?id=1119086

https://bugzilla.suse.com/show_bug.cgi?id=1120876

https://bugzilla.suse.com/show_bug.cgi?id=1120937

https://bugzilla.suse.com/show_bug.cgi?id=1123105

https://bugzilla.suse.com/show_bug.cgi?id=1123959

https://bugzilla.suse.com/show_bug.cgi?id=1124370

https://bugzilla.suse.com/show_bug.cgi?id=1129424

https://bugzilla.suse.com/show_bug.cgi?id=1129519

https://bugzilla.suse.com/show_bug.cgi?id=1129664

https://bugzilla.suse.com/show_bug.cgi?id=1131107

https://bugzilla.suse.com/show_bug.cgi?id=1131281

https://bugzilla.suse.com/show_bug.cgi?id=1131565

https://bugzilla.suse.com/show_bug.cgi?id=1133021

https://bugzilla.suse.com/show_bug.cgi?id=1134291

https://bugzilla.suse.com/show_bug.cgi?id=1134881

https://bugzilla.suse.com/show_bug.cgi?id=1139101

https://bugzilla.suse.com/show_bug.cgi?id=1139500

https://bugzilla.suse.com/show_bug.cgi?id=1140012

https://bugzilla.suse.com/show_bug.cgi?id=1140426

https://bugzilla.suse.com/show_bug.cgi?id=1140487

https://bugzilla.suse.com/show_bug.cgi?id=1141013

https://bugzilla.suse.com/show_bug.cgi?id=1141450

https://bugzilla.suse.com/show_bug.cgi?id=1141543

https://bugzilla.suse.com/show_bug.cgi?id=1141554

https://bugzilla.suse.com/show_bug.cgi?id=1142019

https://bugzilla.suse.com/show_bug.cgi?id=1142076

https://bugzilla.suse.com/show_bug.cgi?id=1142109

https://bugzilla.suse.com/show_bug.cgi?id=1142857

https://bugzilla.suse.com/show_bug.cgi?id=1143300

https://bugzilla.suse.com/show_bug.cgi?id=1143466

https://bugzilla.suse.com/show_bug.cgi?id=1143765

https://bugzilla.suse.com/show_bug.cgi?id=1143841

https://bugzilla.suse.com/show_bug.cgi?id=1143843

https://bugzilla.suse.com/show_bug.cgi?id=1144123

https://bugzilla.suse.com/show_bug.cgi?id=1144333

https://bugzilla.suse.com/show_bug.cgi?id=1144474

https://bugzilla.suse.com/show_bug.cgi?id=1144518

https://bugzilla.suse.com/show_bug.cgi?id=1144718

https://bugzilla.suse.com/show_bug.cgi?id=1145059

https://bugzilla.suse.com/show_bug.cgi?id=1145189

https://bugzilla.suse.com/show_bug.cgi?id=1145235

https://bugzilla.suse.com/show_bug.cgi?id=1145392

https://bugzilla.suse.com/show_bug.cgi?id=1145393

https://bugzilla.suse.com/show_bug.cgi?id=1145394

https://bugzilla.suse.com/show_bug.cgi?id=1145395

https://bugzilla.suse.com/show_bug.cgi?id=1145396

https://bugzilla.suse.com/show_bug.cgi?id=1145397

https://bugzilla.suse.com/show_bug.cgi?id=1145408

https://bugzilla.suse.com/show_bug.cgi?id=1145409

https://bugzilla.suse.com/show_bug.cgi?id=1145661

https://bugzilla.suse.com/show_bug.cgi?id=1145678

https://bugzilla.suse.com/show_bug.cgi?id=1145687

https://bugzilla.suse.com/show_bug.cgi?id=1145920

https://bugzilla.suse.com/show_bug.cgi?id=1146376

https://bugzilla.suse.com/show_bug.cgi?id=1146378

https://bugzilla.suse.com/show_bug.cgi?id=1146381

https://bugzilla.suse.com/show_bug.cgi?id=1146391

https://bugzilla.suse.com/show_bug.cgi?id=1146399

https://bugzilla.suse.com/show_bug.cgi?id=1146413

https://bugzilla.suse.com/show_bug.cgi?id=1146425

https://bugzilla.suse.com/show_bug.cgi?id=1146516

https://bugzilla.suse.com/show_bug.cgi?id=1146519

https://bugzilla.suse.com/show_bug.cgi?id=1146524

https://bugzilla.suse.com/show_bug.cgi?id=1146526

https://bugzilla.suse.com/show_bug.cgi?id=1146529

https://bugzilla.suse.com/show_bug.cgi?id=1146531

https://bugzilla.suse.com/show_bug.cgi?id=1146543

https://bugzilla.suse.com/show_bug.cgi?id=1146547

https://bugzilla.suse.com/show_bug.cgi?id=1146550

https://bugzilla.suse.com/show_bug.cgi?id=1146575

https://bugzilla.suse.com/show_bug.cgi?id=1146589

https://bugzilla.suse.com/show_bug.cgi?id=1146678

https://bugzilla.suse.com/show_bug.cgi?id=1146938

https://bugzilla.suse.com/show_bug.cgi?id=1148031

https://bugzilla.suse.com/show_bug.cgi?id=1148032

https://bugzilla.suse.com/show_bug.cgi?id=1148033

https://bugzilla.suse.com/show_bug.cgi?id=1148034

https://bugzilla.suse.com/show_bug.cgi?id=1148035

https://bugzilla.suse.com/show_bug.cgi?id=1148093

Plugin Details

Severity: Critical

ID: 129154

File Name: suse_SU-2019-2412-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 9/23/2019

Updated: 4/24/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-15292

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2019-15926

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/20/2019

Vulnerability Publication Date: 8/16/2019

Reference Information

CVE: CVE-2017-18551, CVE-2018-20976, CVE-2018-21008, CVE-2019-10207, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14835, CVE-2019-15030, CVE-2019-15031, CVE-2019-15090, CVE-2019-15098, CVE-2019-15099, CVE-2019-15117, CVE-2019-15118, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15217, CVE-2019-15218, CVE-2019-15219, CVE-2019-15220, CVE-2019-15221, CVE-2019-15222, CVE-2019-15239, CVE-2019-15290, CVE-2019-15292, CVE-2019-15538, CVE-2019-15666, CVE-2019-15902, CVE-2019-15917, CVE-2019-15919, CVE-2019-15920, CVE-2019-15921, CVE-2019-15924, CVE-2019-15926, CVE-2019-15927, CVE-2019-9456