SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2648-1)

critical Nessus Plugin ID 129845

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP4 for Azure kernel was updated to receive various security fixes and bugfixes.

The following security bugs were fixed :

CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).

CVE-2019-14821: An out-of-bounds access issue was found in the way the Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein the values of the write indices 'ring->first' and 'ring->last' could be supplied by a host user-space process. An unprivileged host user or process with access to the '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).

CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).

CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042).

CVE-2019-14835: A buffer overflow flaw was found in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could have used this flaw to increase their privileges on the host (bnc#1150112).

CVE-2019-15216: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver (bnc#1146361).

CVE-2019-15924: fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c had a NULL pointer dereference because there was no -ENOMEM upon an alloc_workqueue failure (bnc#1149612).

CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB write due to a missing bounds check. This could have led to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1150025).

CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE was misused in arch/powerpc/kernel/process.c (bnc#1149713).

CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user could have read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713).

CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149626).

CVE-2019-15921: There was a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c (bnc#1149602).

CVE-2018-21008: A use-after-free could have been caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).

CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free (bnc#1149552).

CVE-2019-15917: There was a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c (bnc#1149539).

CVE-2019-15926: An out-of-bounds access existed in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c (bnc#1149527).

CVE-2019-15927: An out-of-bounds access existed in the function build_audio_procunit in the file sound/usb/mixer.c (bnc#1149522).

CVE-2019-15902: Misuse of the upstream 'x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()' commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped (bnc#1149376).

CVE-2019-15666: There was an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandled directory validation (bnc#1148394).

CVE-2019-15219: There was a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver (bnc#1146524).

CVE-2019-14814: There was a heap-based buffer overflow in the Marvell wifi chip driver that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146512).

CVE-2019-14815: There was a heap-based buffer overflow in the Marvell wifi chip driver that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bsc#1146514).

CVE-2019-14816: There was a heap-based buffer overflow in the Marvell wifi chip driver that allowed local users to cause a denial of service (system crash) or possibly execute arbitrary code (bnc#1146516).

CVE-2019-15220: There was a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver (bnc#1146526).

CVE-2019-15538: An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might also result in remote DoS if the XFS filesystem is exported, for instance via NFS (bnc#1148093).

CVE-2019-15290: There was a NULL pointer dereference caused by a malicious USB device in the ath6kl_usb_alloc_urb_from_pipe function (bsc#1146543).

CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378).

CVE-2019-15239: An incorrect backport of a certain net/ipv4/tcp_output.c fix allowed a local attacker to trigger multiple use-after-free conditions. This could result in a kernel crash, or potentially in privilege escalation. (bsc#1146589)

CVE-2019-15212: There was a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver (bnc#1146391).

CVE-2019-15292: There was a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c (bnc#1146678).

CVE-2019-15217: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver (bnc#1146547).

CVE-2019-15211: There was a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c did not properly allocate memory (bnc#1146519).

CVE-2019-15214: There was a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c (bnc#1146550).

CVE-2019-15221: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver (bnc#1146529).

CVE-2019-15222: There was a NULL pointer dereference caused by a malicious USB device in the sound/usb/helper.c (motu_microbookii) driver (bnc#1146531).

CVE-2019-15218: There was a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver (bnc#1146413).

CVE-2019-15215: There was a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver (bnc#1146425).

CVE-2019-15090: An issue was discovered in drivers/scsi/qedi/qedi_dbg.c. In the qedi_dbg_* family of functions, there is an out-of-bounds read (bnc#1146399).

CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285).

CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c. There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163).

CVE-2019-15118: check_input_term in sound/usb/mixer.c mishandled recursion, leading to kernel stack exhaustion (bnc#1145922).

CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920).

CVE-2019-10207: Fix a NULL pointer dereference in hci_uart bluetooth driver (bsc#1142857 bsc#1123959).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update, use the SUSE-recommended installation methods such as YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-2648=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1112894

https://bugzilla.suse.com/show_bug.cgi?id=1112899

https://bugzilla.suse.com/show_bug.cgi?id=1112902

https://bugzilla.suse.com/show_bug.cgi?id=1112903

https://bugzilla.suse.com/show_bug.cgi?id=1112905

https://bugzilla.suse.com/show_bug.cgi?id=1112906

https://bugzilla.suse.com/show_bug.cgi?id=1112907

https://bugzilla.suse.com/show_bug.cgi?id=1113722

https://bugzilla.suse.com/show_bug.cgi?id=1114279

https://bugzilla.suse.com/show_bug.cgi?id=1114542

https://bugzilla.suse.com/show_bug.cgi?id=1118689

https://bugzilla.suse.com/show_bug.cgi?id=1119086

https://bugzilla.suse.com/show_bug.cgi?id=1120876

https://bugzilla.suse.com/show_bug.cgi?id=1120902

https://bugzilla.suse.com/show_bug.cgi?id=1120937

https://bugzilla.suse.com/show_bug.cgi?id=1123034

https://bugzilla.suse.com/show_bug.cgi?id=1123105

https://bugzilla.suse.com/show_bug.cgi?id=1123959

https://bugzilla.suse.com/show_bug.cgi?id=1124370

https://bugzilla.suse.com/show_bug.cgi?id=1127988

https://bugzilla.suse.com/show_bug.cgi?id=1129424

https://bugzilla.suse.com/show_bug.cgi?id=1129519

https://bugzilla.suse.com/show_bug.cgi?id=1129664

https://bugzilla.suse.com/show_bug.cgi?id=1131107

https://bugzilla.suse.com/show_bug.cgi?id=1131281

https://bugzilla.suse.com/show_bug.cgi?id=1131304

https://bugzilla.suse.com/show_bug.cgi?id=1131565

https://bugzilla.suse.com/show_bug.cgi?id=1133021

https://bugzilla.suse.com/show_bug.cgi?id=1134291

https://bugzilla.suse.com/show_bug.cgi?id=1134881

https://bugzilla.suse.com/show_bug.cgi?id=1134882

https://bugzilla.suse.com/show_bug.cgi?id=1135219

https://bugzilla.suse.com/show_bug.cgi?id=1135642

https://bugzilla.suse.com/show_bug.cgi?id=1135897

https://bugzilla.suse.com/show_bug.cgi?id=1136261

https://bugzilla.suse.com/show_bug.cgi?id=1137069

https://bugzilla.suse.com/show_bug.cgi?id=1137865

https://bugzilla.suse.com/show_bug.cgi?id=1137884

https://bugzilla.suse.com/show_bug.cgi?id=1137959

https://bugzilla.suse.com/show_bug.cgi?id=1138539

https://bugzilla.suse.com/show_bug.cgi?id=1139020

https://bugzilla.suse.com/show_bug.cgi?id=1139021

https://bugzilla.suse.com/show_bug.cgi?id=1139101

https://bugzilla.suse.com/show_bug.cgi?id=1139500

https://bugzilla.suse.com/show_bug.cgi?id=1140012

https://bugzilla.suse.com/show_bug.cgi?id=1140155

https://bugzilla.suse.com/show_bug.cgi?id=1140426

https://bugzilla.suse.com/show_bug.cgi?id=1140487

https://bugzilla.suse.com/show_bug.cgi?id=1141013

https://bugzilla.suse.com/show_bug.cgi?id=1141450

https://bugzilla.suse.com/show_bug.cgi?id=1141543

https://bugzilla.suse.com/show_bug.cgi?id=1047238

https://bugzilla.suse.com/show_bug.cgi?id=1050911

https://bugzilla.suse.com/show_bug.cgi?id=1051510

https://bugzilla.suse.com/show_bug.cgi?id=1054914

https://bugzilla.suse.com/show_bug.cgi?id=1055117

https://bugzilla.suse.com/show_bug.cgi?id=1056686

https://bugzilla.suse.com/show_bug.cgi?id=1060662

https://bugzilla.suse.com/show_bug.cgi?id=1061840

https://bugzilla.suse.com/show_bug.cgi?id=1061843

https://bugzilla.suse.com/show_bug.cgi?id=1064597

https://bugzilla.suse.com/show_bug.cgi?id=1064701

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065729

https://bugzilla.suse.com/show_bug.cgi?id=1066369

https://bugzilla.suse.com/show_bug.cgi?id=1071009

https://bugzilla.suse.com/show_bug.cgi?id=1071306

https://bugzilla.suse.com/show_bug.cgi?id=1071995

https://bugzilla.suse.com/show_bug.cgi?id=1078248

https://bugzilla.suse.com/show_bug.cgi?id=1082555

https://bugzilla.suse.com/show_bug.cgi?id=1085030

https://bugzilla.suse.com/show_bug.cgi?id=1085536

https://bugzilla.suse.com/show_bug.cgi?id=1085539

https://bugzilla.suse.com/show_bug.cgi?id=1086103

https://bugzilla.suse.com/show_bug.cgi?id=1087092

https://bugzilla.suse.com/show_bug.cgi?id=1090734

https://bugzilla.suse.com/show_bug.cgi?id=1091171

https://bugzilla.suse.com/show_bug.cgi?id=1093205

https://bugzilla.suse.com/show_bug.cgi?id=1102097

https://bugzilla.suse.com/show_bug.cgi?id=1104902

https://bugzilla.suse.com/show_bug.cgi?id=1104967

https://bugzilla.suse.com/show_bug.cgi?id=1106061

https://bugzilla.suse.com/show_bug.cgi?id=1106284

https://bugzilla.suse.com/show_bug.cgi?id=1106434

https://bugzilla.suse.com/show_bug.cgi?id=1108382

https://bugzilla.suse.com/show_bug.cgi?id=1109158

https://bugzilla.suse.com/show_bug.cgi?id=1112178

https://bugzilla.suse.com/show_bug.cgi?id=1142119

https://bugzilla.suse.com/show_bug.cgi?id=1142496

https://bugzilla.suse.com/show_bug.cgi?id=1142541

https://bugzilla.suse.com/show_bug.cgi?id=1142635

https://bugzilla.suse.com/show_bug.cgi?id=1142685

https://bugzilla.suse.com/show_bug.cgi?id=1142701

https://bugzilla.suse.com/show_bug.cgi?id=1142857

https://bugzilla.suse.com/show_bug.cgi?id=1143300

https://bugzilla.suse.com/show_bug.cgi?id=1143466

https://bugzilla.suse.com/show_bug.cgi?id=1143478

https://bugzilla.suse.com/show_bug.cgi?id=1143765

https://bugzilla.suse.com/show_bug.cgi?id=1143841

https://bugzilla.suse.com/show_bug.cgi?id=1143843

https://bugzilla.suse.com/show_bug.cgi?id=1144123

https://bugzilla.suse.com/show_bug.cgi?id=1144333

https://bugzilla.suse.com/show_bug.cgi?id=1144474

https://bugzilla.suse.com/show_bug.cgi?id=1144518

https://bugzilla.suse.com/show_bug.cgi?id=1144718

https://bugzilla.suse.com/show_bug.cgi?id=1144813

https://bugzilla.suse.com/show_bug.cgi?id=1144880

https://bugzilla.suse.com/show_bug.cgi?id=1144886

https://bugzilla.suse.com/show_bug.cgi?id=1144912

https://bugzilla.suse.com/show_bug.cgi?id=1144920

https://bugzilla.suse.com/show_bug.cgi?id=1144979

https://bugzilla.suse.com/show_bug.cgi?id=1145010

https://bugzilla.suse.com/show_bug.cgi?id=1145024

https://bugzilla.suse.com/show_bug.cgi?id=1145051

https://bugzilla.suse.com/show_bug.cgi?id=1145059

https://bugzilla.suse.com/show_bug.cgi?id=1145134

https://bugzilla.suse.com/show_bug.cgi?id=1145189

https://bugzilla.suse.com/show_bug.cgi?id=1145235

https://bugzilla.suse.com/show_bug.cgi?id=1145300

https://bugzilla.suse.com/show_bug.cgi?id=1141554

https://bugzilla.suse.com/show_bug.cgi?id=1142019

https://bugzilla.suse.com/show_bug.cgi?id=1142076

https://bugzilla.suse.com/show_bug.cgi?id=1142109

https://bugzilla.suse.com/show_bug.cgi?id=1142117

https://bugzilla.suse.com/show_bug.cgi?id=1142118

https://bugzilla.suse.com/show_bug.cgi?id=1148394

https://bugzilla.suse.com/show_bug.cgi?id=1148527

https://bugzilla.suse.com/show_bug.cgi?id=1148574

https://bugzilla.suse.com/show_bug.cgi?id=1148616

https://bugzilla.suse.com/show_bug.cgi?id=1148617

https://bugzilla.suse.com/show_bug.cgi?id=1148619

https://bugzilla.suse.com/show_bug.cgi?id=1148698

https://bugzilla.suse.com/show_bug.cgi?id=1148712

https://bugzilla.suse.com/show_bug.cgi?id=1148859

https://bugzilla.suse.com/show_bug.cgi?id=1148868

https://bugzilla.suse.com/show_bug.cgi?id=1149053

https://bugzilla.suse.com/show_bug.cgi?id=1149083

https://bugzilla.suse.com/show_bug.cgi?id=1149104

https://bugzilla.suse.com/show_bug.cgi?id=1149105

https://bugzilla.suse.com/show_bug.cgi?id=1149106

https://bugzilla.suse.com/show_bug.cgi?id=1149197

https://bugzilla.suse.com/show_bug.cgi?id=1149214

https://bugzilla.suse.com/show_bug.cgi?id=1149224

https://bugzilla.suse.com/show_bug.cgi?id=1149313

https://bugzilla.suse.com/show_bug.cgi?id=1149325

https://bugzilla.suse.com/show_bug.cgi?id=1149376

https://bugzilla.suse.com/show_bug.cgi?id=1149413

https://bugzilla.suse.com/show_bug.cgi?id=1149418

https://bugzilla.suse.com/show_bug.cgi?id=1149424

https://bugzilla.suse.com/show_bug.cgi?id=1149446

https://bugzilla.suse.com/show_bug.cgi?id=1149522

https://bugzilla.suse.com/show_bug.cgi?id=1149527

https://bugzilla.suse.com/show_bug.cgi?id=1149940

https://bugzilla.suse.com/show_bug.cgi?id=1149959

https://bugzilla.suse.com/show_bug.cgi?id=1149963

https://bugzilla.suse.com/show_bug.cgi?id=1149976

https://bugzilla.suse.com/show_bug.cgi?id=1150025

https://bugzilla.suse.com/show_bug.cgi?id=1150033

https://bugzilla.suse.com/show_bug.cgi?id=1150112

https://bugzilla.suse.com/show_bug.cgi?id=1150381

https://bugzilla.suse.com/show_bug.cgi?id=1150423

https://bugzilla.suse.com/show_bug.cgi?id=1150562

https://bugzilla.suse.com/show_bug.cgi?id=1150727

https://bugzilla.suse.com/show_bug.cgi?id=1150860

https://bugzilla.suse.com/show_bug.cgi?id=1150861

https://bugzilla.suse.com/show_bug.cgi?id=1150933

https://bugzilla.suse.com/show_bug.cgi?id=1151350

https://bugzilla.suse.com/show_bug.cgi?id=1151610

https://bugzilla.suse.com/show_bug.cgi?id=1151667

https://bugzilla.suse.com/show_bug.cgi?id=1151671

https://bugzilla.suse.com/show_bug.cgi?id=1151891

https://bugzilla.suse.com/show_bug.cgi?id=1151955

https://bugzilla.suse.com/show_bug.cgi?id=1152024

https://bugzilla.suse.com/show_bug.cgi?id=1152025

https://bugzilla.suse.com/show_bug.cgi?id=1152026

https://bugzilla.suse.com/show_bug.cgi?id=1152161

https://bugzilla.suse.com/show_bug.cgi?id=1152325

https://bugzilla.suse.com/show_bug.cgi?id=1152457

https://bugzilla.suse.com/show_bug.cgi?id=1152460

https://bugzilla.suse.com/show_bug.cgi?id=1152466

https://bugzilla.suse.com/show_bug.cgi?id=1152972

https://bugzilla.suse.com/show_bug.cgi?id=1152974

https://bugzilla.suse.com/show_bug.cgi?id=1152975

https://www.suse.com/security/cve/CVE-2017-18551/

https://www.suse.com/security/cve/CVE-2017-18595/

https://bugzilla.suse.com/show_bug.cgi?id=1145302

https://bugzilla.suse.com/show_bug.cgi?id=1145388

https://bugzilla.suse.com/show_bug.cgi?id=1145389

https://bugzilla.suse.com/show_bug.cgi?id=1145390

https://bugzilla.suse.com/show_bug.cgi?id=1145391

https://bugzilla.suse.com/show_bug.cgi?id=1145392

https://bugzilla.suse.com/show_bug.cgi?id=1145393

https://bugzilla.suse.com/show_bug.cgi?id=1145394

https://bugzilla.suse.com/show_bug.cgi?id=1145395

https://bugzilla.suse.com/show_bug.cgi?id=1145396

https://bugzilla.suse.com/show_bug.cgi?id=1145397

https://bugzilla.suse.com/show_bug.cgi?id=1145408

https://bugzilla.suse.com/show_bug.cgi?id=1145409

https://bugzilla.suse.com/show_bug.cgi?id=1145661

https://bugzilla.suse.com/show_bug.cgi?id=1145678

https://bugzilla.suse.com/show_bug.cgi?id=1145687

https://bugzilla.suse.com/show_bug.cgi?id=1145920

https://bugzilla.suse.com/show_bug.cgi?id=1145922

https://bugzilla.suse.com/show_bug.cgi?id=1145934

https://bugzilla.suse.com/show_bug.cgi?id=1145937

https://bugzilla.suse.com/show_bug.cgi?id=1145940

https://bugzilla.suse.com/show_bug.cgi?id=1145941

https://bugzilla.suse.com/show_bug.cgi?id=1145942

https://bugzilla.suse.com/show_bug.cgi?id=1146042

https://bugzilla.suse.com/show_bug.cgi?id=1146074

https://bugzilla.suse.com/show_bug.cgi?id=1146084

https://bugzilla.suse.com/show_bug.cgi?id=1146163

https://bugzilla.suse.com/show_bug.cgi?id=1146285

https://bugzilla.suse.com/show_bug.cgi?id=1146346

https://bugzilla.suse.com/show_bug.cgi?id=1146351

https://bugzilla.suse.com/show_bug.cgi?id=1146352

https://bugzilla.suse.com/show_bug.cgi?id=1146361

https://bugzilla.suse.com/show_bug.cgi?id=1146376

https://bugzilla.suse.com/show_bug.cgi?id=1146378

https://bugzilla.suse.com/show_bug.cgi?id=1146381

https://bugzilla.suse.com/show_bug.cgi?id=1146391

https://bugzilla.suse.com/show_bug.cgi?id=1146399

https://bugzilla.suse.com/show_bug.cgi?id=1146413

https://bugzilla.suse.com/show_bug.cgi?id=1146425

https://bugzilla.suse.com/show_bug.cgi?id=1146512

https://bugzilla.suse.com/show_bug.cgi?id=1146514

https://bugzilla.suse.com/show_bug.cgi?id=1146516

https://bugzilla.suse.com/show_bug.cgi?id=1146519

https://bugzilla.suse.com/show_bug.cgi?id=1146524

https://bugzilla.suse.com/show_bug.cgi?id=1146526

https://bugzilla.suse.com/show_bug.cgi?id=1146529

https://bugzilla.suse.com/show_bug.cgi?id=1146531

https://bugzilla.suse.com/show_bug.cgi?id=1146540

https://bugzilla.suse.com/show_bug.cgi?id=1146543

https://bugzilla.suse.com/show_bug.cgi?id=1146547

https://bugzilla.suse.com/show_bug.cgi?id=1146550

https://bugzilla.suse.com/show_bug.cgi?id=1146575

https://bugzilla.suse.com/show_bug.cgi?id=1146589

https://bugzilla.suse.com/show_bug.cgi?id=1146664

https://bugzilla.suse.com/show_bug.cgi?id=1146678

https://bugzilla.suse.com/show_bug.cgi?id=1146938

https://bugzilla.suse.com/show_bug.cgi?id=1148031

https://bugzilla.suse.com/show_bug.cgi?id=1148032

https://bugzilla.suse.com/show_bug.cgi?id=1148033

https://bugzilla.suse.com/show_bug.cgi?id=1148034

https://bugzilla.suse.com/show_bug.cgi?id=1148035

https://bugzilla.suse.com/show_bug.cgi?id=1148093

https://bugzilla.suse.com/show_bug.cgi?id=1148133

https://bugzilla.suse.com/show_bug.cgi?id=1148192

https://bugzilla.suse.com/show_bug.cgi?id=1148196

https://bugzilla.suse.com/show_bug.cgi?id=1148198

https://bugzilla.suse.com/show_bug.cgi?id=1148202

https://bugzilla.suse.com/show_bug.cgi?id=1148303

https://bugzilla.suse.com/show_bug.cgi?id=1148363

https://bugzilla.suse.com/show_bug.cgi?id=1148379

https://bugzilla.suse.com/show_bug.cgi?id=1149539

https://bugzilla.suse.com/show_bug.cgi?id=1149552

https://bugzilla.suse.com/show_bug.cgi?id=1149555

https://bugzilla.suse.com/show_bug.cgi?id=1149591

https://bugzilla.suse.com/show_bug.cgi?id=1149602

https://bugzilla.suse.com/show_bug.cgi?id=1149612

https://bugzilla.suse.com/show_bug.cgi?id=1149626

https://bugzilla.suse.com/show_bug.cgi?id=1149651

https://bugzilla.suse.com/show_bug.cgi?id=1149652

https://bugzilla.suse.com/show_bug.cgi?id=1149713

https://www.suse.com/security/cve/CVE-2018-20976/

https://www.suse.com/security/cve/CVE-2018-21008/

https://www.suse.com/security/cve/CVE-2019-10207/

https://www.suse.com/security/cve/CVE-2019-14814/

https://www.suse.com/security/cve/CVE-2019-14815/

https://www.suse.com/security/cve/CVE-2019-14816/

https://www.suse.com/security/cve/CVE-2019-14821/

https://www.suse.com/security/cve/CVE-2019-14835/

https://www.suse.com/security/cve/CVE-2019-15030/

https://www.suse.com/security/cve/CVE-2019-15031/

https://www.suse.com/security/cve/CVE-2019-15090/

https://www.suse.com/security/cve/CVE-2019-15098/

https://www.suse.com/security/cve/CVE-2019-15117/

https://www.suse.com/security/cve/CVE-2019-15118/

https://www.suse.com/security/cve/CVE-2019-15211/

https://www.suse.com/security/cve/CVE-2019-15212/

https://www.suse.com/security/cve/CVE-2019-15214/

https://www.suse.com/security/cve/CVE-2019-15215/

https://www.suse.com/security/cve/CVE-2019-15216/

https://www.suse.com/security/cve/CVE-2019-15217/

https://www.suse.com/security/cve/CVE-2019-15218/

https://www.suse.com/security/cve/CVE-2019-15219/

https://www.suse.com/security/cve/CVE-2019-15220/

https://www.suse.com/security/cve/CVE-2019-15221/

https://www.suse.com/security/cve/CVE-2019-15222/

https://www.suse.com/security/cve/CVE-2019-15239/

https://www.suse.com/security/cve/CVE-2019-15290/

https://www.suse.com/security/cve/CVE-2019-15291/

https://www.suse.com/security/cve/CVE-2019-15292/

https://www.suse.com/security/cve/CVE-2019-15538/

https://www.suse.com/security/cve/CVE-2019-15666/

https://www.suse.com/security/cve/CVE-2019-15902/

https://www.suse.com/security/cve/CVE-2019-15917/

https://www.suse.com/security/cve/CVE-2019-15919/

https://www.suse.com/security/cve/CVE-2019-15920/

https://www.suse.com/security/cve/CVE-2019-15921/

https://www.suse.com/security/cve/CVE-2019-15924/

https://www.suse.com/security/cve/CVE-2019-15926/

https://www.suse.com/security/cve/CVE-2019-15927/

https://www.suse.com/security/cve/CVE-2019-9456/

https://www.suse.com/security/cve/CVE-2019-9506/

http://www.nessus.org/u?c037efe0

Plugin Details

Severity: Critical

ID: 129845

File Name: suse_SU-2019-2648-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 10/14/2019

Updated: 4/18/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-15292

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2019-15926

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure-debugsource, p-cpe:/a:novell:suse_linux:kernel-azure-base, p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-azure

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/11/2019

Vulnerability Publication Date: 8/14/2019

Reference Information

CVE: CVE-2017-18551, CVE-2017-18595, CVE-2018-20976, CVE-2018-21008, CVE-2019-10207, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835, CVE-2019-15030, CVE-2019-15031, CVE-2019-15090, CVE-2019-15098, CVE-2019-15117, CVE-2019-15118, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15217, CVE-2019-15218, CVE-2019-15219, CVE-2019-15220, CVE-2019-15221, CVE-2019-15222, CVE-2019-15239, CVE-2019-15290, CVE-2019-15291, CVE-2019-15292, CVE-2019-15538, CVE-2019-15666, CVE-2019-15902, CVE-2019-15917, CVE-2019-15919, CVE-2019-15920, CVE-2019-15921, CVE-2019-15924, CVE-2019-15926, CVE-2019-15927, CVE-2019-9456, CVE-2019-9506