SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0613-1)

critical Nessus Plugin ID 134363

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 15 SP1 real-time kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2019-14615: An information disclosure vulnerability existed due to insufficient control flow in certain data structures for some Intel(R) Processors (bnc#1160195).

CVE-2019-14895: A heap-based buffer overflow was discovered in the Marvell WiFi driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service or possibly execute arbitrary code (bnc#1157158).

CVE-2019-14896: A heap overflow was found in the add_ie_rates() function of the Marvell Wifi Driver (bsc#1157157).

CVE-2019-14897: A stack overflow was found in the lbs_ibss_join_existing() function of the Marvell Wifi Driver (bsc#1157155).

CVE-2019-14901: A heap overflow flaw was found in the Marvell WiFi driver. The vulnerability allowed a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code (bnc#1157042).

CVE-2019-15213: A use-after-free bug caused by a malicious USB device was found in drivers/media/usb/dvb-usb/dvb-usb-init.c (bsc#1146544).

CVE-2019-16746: An issue was discovered in net/wireless/nl80211.c. The check for the length of variable elements in a beacon head was insufficient, leading to a buffer overflow (bnc#1152107).

CVE-2019-16994: A memory leak existed in sit_init_net() in net/ipv6/sit.c which might have caused denial of service, aka CID-07f12b26e21a (bnc#1161523).

CVE-2019-18660: An information disclosure bug occured because the Spectre-RSB mitigation were not in place for all applicable CPUs, aka CID-39e72bf96f58 (bnc#1157038).

CVE-2019-18683: Multiple race conditions were discovered in drivers/media/platform/vivid. It was exploitable for privilege escalation if local users had access to /dev/video0, but only if the driver happened to be loaded. At least one of these race conditions led to a use-after-free (bnc#1155897).

CVE-2019-18808: A memory leak in drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of service (memory consumption), aka CID-128c66429247 (bnc#1156259).

CVE-2019-18809: A memory leak in drivers/media/usb/dvb-usb/af9005.c allowed attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559 (bnc#1156258).

CVE-2019-19036: An issue discovered in btrfs_root_node in fs/btrfs/ctree.c allowed a NULL pointer dereference because rcu_dereference(root->node) can be zero (bnc#1157692).

CVE-2019-19045: A memory leak in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c allowed attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7 (bnc#1161522).

CVE-2019-19046: There was a memory leak in __ipmi_bmc_register (bsc#1157304).

CVE-2019-19049: There was an unlikely memory leak in unittest_data_add (bsc#1157173).

CVE-2019-19051: A memory leak in drivers/net/wimax/i2400m/op-rfkill.c allowed attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7 (bnc#1159024).

CVE-2019-19052: A memory leak in drivers/net/can/usb/gs_usb.c allowed attackers to cause a denial of service (memory consumption), aka CID-fb5be6a7b486 (bnc#1157324).

CVE-2019-19054: A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c allowed attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b (bnc#1161518).

CVE-2019-19056: A memory leak in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption), aka CID-db8fd2cde932 (bnc#1157197).

CVE-2019-19057: Two memory leaks in drivers/net/wireless/marvell/mwifiex/pcie.c allowed attackers to cause a denial of service (memory consumption), aka CID-d10dcb615c8e (bnc#1157193 bsc#1157197).

CVE-2019-19058: A memory leak in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allowed attackers to cause a denial of service (memory consumption), aka CID-b4b814fec1a5 (bnc#1157145).

CVE-2019-19060: A memory leak in drivers/iio/imu/adis_buffer.c allowed attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (bnc#1157178).

CVE-2019-19062: A memory leak in crypto/crypto_user_base.c allowed attackers to cause a denial of service (memory consumption), aka CID-ffdde5932042 (bnc#1157333).

CVE-2019-19063: Two memory leaks in drivers/net/wireless/realtek/rtlwifi/usb.c allowed attackers to cause a denial of service (memory consumption), aka CID-3f9361695113 (bnc#1157298).

CVE-2019-19065: A memory leak in drivers/infiniband/hw/hfi1/sdma.c allowed attackers to cause a denial of service (memory consumption), aka CID-34b3be18a04e (bnc#1157191).

CVE-2019-19066: A memory leak in drivers/scsi/bfa/bfad_attr.c allowed attackers to cause a denial of service (memory consumption), aka CID-0e62395da2bd (bnc#1157303).

CVE-2019-19067: There were four unlikely memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c (bnc#1157180).

CVE-2019-19068: A memory leak in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c allowed attackers to cause a denial of service (memory consumption), aka CID-a2cdd07488e6 (bnc#1157307).

CVE-2019-19073: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c allowed attackers to cause a denial of service (memory consumption), aka CID-853acf7caf10 (bnc#1157070).

CVE-2019-19074: A memory leak in drivers/net/wireless/ath/ath9k/wmi.c allowed attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4 (bnc#1157143).

CVE-2019-19075: A memory leak in drivers/net/ieee802154/ca8210.c allowed attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e (bnc#1157162).

CVE-2019-19077: A memory leak in drivers/infiniband/hw/bnxt_re/ib_verbs.c allowed attackers to cause a denial of service (memory consumption), aka CID-4a9d46a9fe14 (bnc#1157171).

CVE-2019-19078: A memory leak in drivers/net/wireless/ath/ath10k/usb.c allowed attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2 (bnc#1157032).

CVE-2019-19080: Four memory leaks in drivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a (bnc#1157044).

CVE-2019-19081: A memory leak in drivers/net/ethernet/netronome/nfp/flower/main.c allowed attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a (bnc#1157045).

CVE-2019-19082: Memory leaks were found in the *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc, aka CID-104c307147ad (bnc#1157046).

CVE-2019-19083: Memory leaks were found in the *clock_source_create() functions under drivers/gpu/drm/amd/display/dc, aka CID-055e547478a1 (bnc#1157049).

CVE-2019-19227: In the AppleTalk subsystem there was a potential NULL pointer dereference because register_snap_client may return NULL. This could have led to denial of service, aka CID-9804501fa122 (bnc#1157678).

CVE-2019-19318: Mounting a crafted btrfs image twice could have caused a use-after-free (bnc#1158026).

CVE-2019-19319: A slab-out-of-bounds write access could have occured when setxattr was called after mounting of a specially crafted ext4 image (bnc#1158021).

CVE-2019-19332: An out-of-bounds memory write issue was found in the way the KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could have used this flaw to crash the system (bnc#1158827).

CVE-2019-19338: There was an incomplete fix for an issue with Transactional Synchronisation Extensions in the KVM code (bsc#1158954).

CVE-2019-19447: Mounting a crafted ext4 filesystem image, performing some operations, and unmounting could have led to a use-after-free in fs/ext4/super.c (bnc#1158819).

CVE-2019-19523: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79 (bsc#1158823).

CVE-2019-19524: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9 (bsc#1158413).

CVE-2019-19525: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035 (bsc#1158417).

CVE-2019-19526: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098 (bsc#1158893).

CVE-2019-19527: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e (bsc#1158900).

CVE-2019-19528: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d (bsc#1158407).

CVE-2019-19529: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41 (bnc#1158381).

CVE-2019-19530: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef (bsc#1158410).

CVE-2019-19531: There was a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445).

CVE-2019-19532: There were multiple out-of-bounds write bugs that can be caused by a malicious USB HID device, aka CID-d9d4b1e46d95 (bsc#1158824).

CVE-2019-19533: There was an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464 (bsc#1158834).

CVE-2019-19534: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29 (bsc#1158398).

CVE-2019-19535: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042 (bsc#1158903).

CVE-2019-19536: There was an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0 (bsc#1158394).

CVE-2019-19537: There was a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9 (bsc#1158904).

CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c (bnc#1158427).

CVE-2019-19767: There were multiple use-after-free errors in
__ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163 (bnc#1159297).

CVE-2019-19927: A slab-out-of-bounds read access occured when mounting a crafted f2fs filesystem image and performing some operations on it (bnc#1160147).

CVE-2019-19965: There was a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5 (bnc#1159911).

CVE-2019-19966: There was a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that could have caused a denial of service, aka CID-dea37a972655 (bnc#1159841).

CVE-2019-20054: There was a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e (bnc#1159910).

CVE-2019-20095: Several memory leaks were found in drivers/net/wireless/marvell/mwifiex/cfg80211.c, aka CID-003b686ace82 (bnc#1159909).

CVE-2019-20096: There was a memory leak in __feat_register_sp() in net/dccp/feat.c, aka CID-1d3ff0950e2b (bnc#1159908).

CVE-2020-7053: There was a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c (bnc#1160966).

CVE-2020-8428: There was a use-after-free bug in fs/namei.c, which allowed local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9 (bnc#1162109).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Realtime 15-SP1:zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-613=1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-613=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1112178

https://bugzilla.suse.com/show_bug.cgi?id=1112374

https://bugzilla.suse.com/show_bug.cgi?id=1113722

https://bugzilla.suse.com/show_bug.cgi?id=1113956

https://bugzilla.suse.com/show_bug.cgi?id=1113994

https://bugzilla.suse.com/show_bug.cgi?id=1114279

https://bugzilla.suse.com/show_bug.cgi?id=1114685

https://bugzilla.suse.com/show_bug.cgi?id=1115026

https://bugzilla.suse.com/show_bug.cgi?id=1117169

https://bugzilla.suse.com/show_bug.cgi?id=1118661

https://bugzilla.suse.com/show_bug.cgi?id=1119113

https://bugzilla.suse.com/show_bug.cgi?id=1120853

https://bugzilla.suse.com/show_bug.cgi?id=1123328

https://bugzilla.suse.com/show_bug.cgi?id=1126206

https://bugzilla.suse.com/show_bug.cgi?id=1126390

https://bugzilla.suse.com/show_bug.cgi?id=1127354

https://bugzilla.suse.com/show_bug.cgi?id=1127371

https://bugzilla.suse.com/show_bug.cgi?id=1127611

https://bugzilla.suse.com/show_bug.cgi?id=1127682

https://bugzilla.suse.com/show_bug.cgi?id=1129551

https://bugzilla.suse.com/show_bug.cgi?id=1129770

https://bugzilla.suse.com/show_bug.cgi?id=1134973

https://bugzilla.suse.com/show_bug.cgi?id=1134983

https://bugzilla.suse.com/show_bug.cgi?id=1137223

https://bugzilla.suse.com/show_bug.cgi?id=1137236

https://bugzilla.suse.com/show_bug.cgi?id=1138039

https://bugzilla.suse.com/show_bug.cgi?id=1140948

https://bugzilla.suse.com/show_bug.cgi?id=1141054

https://bugzilla.suse.com/show_bug.cgi?id=1142095

https://bugzilla.suse.com/show_bug.cgi?id=1142635

https://bugzilla.suse.com/show_bug.cgi?id=1142924

https://bugzilla.suse.com/show_bug.cgi?id=1143959

https://bugzilla.suse.com/show_bug.cgi?id=1144333

https://bugzilla.suse.com/show_bug.cgi?id=1146519

https://bugzilla.suse.com/show_bug.cgi?id=1146544

https://bugzilla.suse.com/show_bug.cgi?id=1151067

https://bugzilla.suse.com/show_bug.cgi?id=1151548

https://bugzilla.suse.com/show_bug.cgi?id=1151900

https://bugzilla.suse.com/show_bug.cgi?id=1151910

https://bugzilla.suse.com/show_bug.cgi?id=1151927

https://bugzilla.suse.com/show_bug.cgi?id=1152107

https://bugzilla.suse.com/show_bug.cgi?id=1152631

https://bugzilla.suse.com/show_bug.cgi?id=1153535

https://bugzilla.suse.com/show_bug.cgi?id=1153628

https://bugzilla.suse.com/show_bug.cgi?id=1153811

https://bugzilla.suse.com/show_bug.cgi?id=1153917

https://bugzilla.suse.com/show_bug.cgi?id=1154043

https://bugzilla.suse.com/show_bug.cgi?id=1154058

https://bugzilla.suse.com/show_bug.cgi?id=1154243

https://bugzilla.suse.com/show_bug.cgi?id=1154355

https://bugzilla.suse.com/show_bug.cgi?id=1154601

https://bugzilla.suse.com/show_bug.cgi?id=1154768

https://bugzilla.suse.com/show_bug.cgi?id=1154916

https://bugzilla.suse.com/show_bug.cgi?id=1155331

https://bugzilla.suse.com/show_bug.cgi?id=1155334

https://bugzilla.suse.com/show_bug.cgi?id=1155689

https://bugzilla.suse.com/show_bug.cgi?id=1155897

https://bugzilla.suse.com/show_bug.cgi?id=1155921

https://bugzilla.suse.com/show_bug.cgi?id=1156258

https://bugzilla.suse.com/show_bug.cgi?id=1156259

https://bugzilla.suse.com/show_bug.cgi?id=1156286

https://bugzilla.suse.com/show_bug.cgi?id=1156462

https://bugzilla.suse.com/show_bug.cgi?id=1156471

https://bugzilla.suse.com/show_bug.cgi?id=1156928

https://bugzilla.suse.com/show_bug.cgi?id=1157032

https://bugzilla.suse.com/show_bug.cgi?id=1157038

https://bugzilla.suse.com/show_bug.cgi?id=1157042

https://bugzilla.suse.com/show_bug.cgi?id=1157044

https://bugzilla.suse.com/show_bug.cgi?id=1157045

https://bugzilla.suse.com/show_bug.cgi?id=1157046

https://bugzilla.suse.com/show_bug.cgi?id=1157049

https://bugzilla.suse.com/show_bug.cgi?id=1157070

https://bugzilla.suse.com/show_bug.cgi?id=1157115

https://bugzilla.suse.com/show_bug.cgi?id=1157143

https://bugzilla.suse.com/show_bug.cgi?id=1157145

https://bugzilla.suse.com/show_bug.cgi?id=1157155

https://bugzilla.suse.com/show_bug.cgi?id=1157157

https://bugzilla.suse.com/show_bug.cgi?id=1157158

https://bugzilla.suse.com/show_bug.cgi?id=1157160

https://bugzilla.suse.com/show_bug.cgi?id=1157162

https://bugzilla.suse.com/show_bug.cgi?id=1157169

https://bugzilla.suse.com/show_bug.cgi?id=1157171

https://bugzilla.suse.com/show_bug.cgi?id=1157173

https://bugzilla.suse.com/show_bug.cgi?id=1157178

https://bugzilla.suse.com/show_bug.cgi?id=1157180

https://bugzilla.suse.com/show_bug.cgi?id=1157182

https://bugzilla.suse.com/show_bug.cgi?id=1157183

https://bugzilla.suse.com/show_bug.cgi?id=1157184

https://bugzilla.suse.com/show_bug.cgi?id=1157191

https://bugzilla.suse.com/show_bug.cgi?id=1157193

https://bugzilla.suse.com/show_bug.cgi?id=1157197

https://bugzilla.suse.com/show_bug.cgi?id=1157298

https://bugzilla.suse.com/show_bug.cgi?id=1157303

https://bugzilla.suse.com/show_bug.cgi?id=1157304

https://bugzilla.suse.com/show_bug.cgi?id=1157307

https://bugzilla.suse.com/show_bug.cgi?id=1157324

https://bugzilla.suse.com/show_bug.cgi?id=1157333

https://bugzilla.suse.com/show_bug.cgi?id=1157386

https://bugzilla.suse.com/show_bug.cgi?id=1161514

https://bugzilla.suse.com/show_bug.cgi?id=1161518

https://bugzilla.suse.com/show_bug.cgi?id=1161522

https://bugzilla.suse.com/show_bug.cgi?id=1161523

https://bugzilla.suse.com/show_bug.cgi?id=1161549

https://bugzilla.suse.com/show_bug.cgi?id=1161552

https://bugzilla.suse.com/show_bug.cgi?id=1161674

https://bugzilla.suse.com/show_bug.cgi?id=1161931

https://bugzilla.suse.com/show_bug.cgi?id=1161933

https://bugzilla.suse.com/show_bug.cgi?id=1161934

https://bugzilla.suse.com/show_bug.cgi?id=1161935

https://bugzilla.suse.com/show_bug.cgi?id=1161936

https://bugzilla.suse.com/show_bug.cgi?id=1161937

https://bugzilla.suse.com/show_bug.cgi?id=1162028

https://bugzilla.suse.com/show_bug.cgi?id=1162067

https://bugzilla.suse.com/show_bug.cgi?id=1162109

https://bugzilla.suse.com/show_bug.cgi?id=1162139

https://www.suse.com/security/cve/CVE-2019-14615/

https://www.suse.com/security/cve/CVE-2019-14895/

https://www.suse.com/security/cve/CVE-2019-14896/

https://www.suse.com/security/cve/CVE-2019-14897/

https://www.suse.com/security/cve/CVE-2019-14901/

https://www.suse.com/security/cve/CVE-2019-15213/

https://www.suse.com/security/cve/CVE-2019-16746/

https://www.suse.com/security/cve/CVE-2019-16994/

https://www.suse.com/security/cve/CVE-2019-18660/

https://www.suse.com/security/cve/CVE-2019-18683/

https://www.suse.com/security/cve/CVE-2019-18808/

https://www.suse.com/security/cve/CVE-2019-18809/

https://www.suse.com/security/cve/CVE-2019-19036/

https://www.suse.com/security/cve/CVE-2019-19045/

https://www.suse.com/security/cve/CVE-2019-19046/

https://www.suse.com/security/cve/CVE-2019-19049/

https://www.suse.com/security/cve/CVE-2019-19051/

https://www.suse.com/security/cve/CVE-2019-19052/

https://www.suse.com/security/cve/CVE-2019-19054/

https://www.suse.com/security/cve/CVE-2019-19056/

https://www.suse.com/security/cve/CVE-2019-19057/

https://www.suse.com/security/cve/CVE-2019-19058/

https://www.suse.com/security/cve/CVE-2019-19060/

https://www.suse.com/security/cve/CVE-2019-19062/

https://www.suse.com/security/cve/CVE-2019-19063/

https://bugzilla.suse.com/show_bug.cgi?id=1046303

https://bugzilla.suse.com/show_bug.cgi?id=1050244

https://bugzilla.suse.com/show_bug.cgi?id=1051510

https://bugzilla.suse.com/show_bug.cgi?id=1051858

https://bugzilla.suse.com/show_bug.cgi?id=1061840

https://bugzilla.suse.com/show_bug.cgi?id=1065600

https://bugzilla.suse.com/show_bug.cgi?id=1065729

https://bugzilla.suse.com/show_bug.cgi?id=1071995

https://bugzilla.suse.com/show_bug.cgi?id=1078248

https://bugzilla.suse.com/show_bug.cgi?id=1083647

https://bugzilla.suse.com/show_bug.cgi?id=1085030

https://bugzilla.suse.com/show_bug.cgi?id=1086301

https://bugzilla.suse.com/show_bug.cgi?id=1086313

https://bugzilla.suse.com/show_bug.cgi?id=1086314

https://bugzilla.suse.com/show_bug.cgi?id=1089644

https://bugzilla.suse.com/show_bug.cgi?id=1090888

https://bugzilla.suse.com/show_bug.cgi?id=1103989

https://bugzilla.suse.com/show_bug.cgi?id=1103990

https://bugzilla.suse.com/show_bug.cgi?id=1103991

https://bugzilla.suse.com/show_bug.cgi?id=1104353

https://bugzilla.suse.com/show_bug.cgi?id=1104427

https://bugzilla.suse.com/show_bug.cgi?id=1104745

https://bugzilla.suse.com/show_bug.cgi?id=1108043

https://bugzilla.suse.com/show_bug.cgi?id=1109837

https://bugzilla.suse.com/show_bug.cgi?id=1111666

https://bugzilla.suse.com/show_bug.cgi?id=1157424

https://bugzilla.suse.com/show_bug.cgi?id=1157463

https://bugzilla.suse.com/show_bug.cgi?id=1157499

https://bugzilla.suse.com/show_bug.cgi?id=1157678

https://bugzilla.suse.com/show_bug.cgi?id=1157692

https://bugzilla.suse.com/show_bug.cgi?id=1157698

https://bugzilla.suse.com/show_bug.cgi?id=1157778

https://bugzilla.suse.com/show_bug.cgi?id=1157853

https://bugzilla.suse.com/show_bug.cgi?id=1157895

https://bugzilla.suse.com/show_bug.cgi?id=1157908

https://bugzilla.suse.com/show_bug.cgi?id=1158013

https://bugzilla.suse.com/show_bug.cgi?id=1158021

https://bugzilla.suse.com/show_bug.cgi?id=1158026

https://bugzilla.suse.com/show_bug.cgi?id=1158049

https://bugzilla.suse.com/show_bug.cgi?id=1158063

https://bugzilla.suse.com/show_bug.cgi?id=1158064

https://bugzilla.suse.com/show_bug.cgi?id=1158065

https://bugzilla.suse.com/show_bug.cgi?id=1158066

https://bugzilla.suse.com/show_bug.cgi?id=1158067

https://bugzilla.suse.com/show_bug.cgi?id=1158068

https://bugzilla.suse.com/show_bug.cgi?id=1158071

https://bugzilla.suse.com/show_bug.cgi?id=1158082

https://bugzilla.suse.com/show_bug.cgi?id=1158094

https://bugzilla.suse.com/show_bug.cgi?id=1158132

https://bugzilla.suse.com/show_bug.cgi?id=1158381

https://bugzilla.suse.com/show_bug.cgi?id=1158394

https://bugzilla.suse.com/show_bug.cgi?id=1158398

https://bugzilla.suse.com/show_bug.cgi?id=1158407

https://bugzilla.suse.com/show_bug.cgi?id=1158410

https://bugzilla.suse.com/show_bug.cgi?id=1158413

https://bugzilla.suse.com/show_bug.cgi?id=1158417

https://bugzilla.suse.com/show_bug.cgi?id=1158427

https://bugzilla.suse.com/show_bug.cgi?id=1158445

https://bugzilla.suse.com/show_bug.cgi?id=1158533

https://bugzilla.suse.com/show_bug.cgi?id=1158637

https://bugzilla.suse.com/show_bug.cgi?id=1158638

https://bugzilla.suse.com/show_bug.cgi?id=1158639

https://bugzilla.suse.com/show_bug.cgi?id=1158640

https://bugzilla.suse.com/show_bug.cgi?id=1158641

https://bugzilla.suse.com/show_bug.cgi?id=1158643

https://bugzilla.suse.com/show_bug.cgi?id=1158644

https://bugzilla.suse.com/show_bug.cgi?id=1158645

https://bugzilla.suse.com/show_bug.cgi?id=1158646

https://bugzilla.suse.com/show_bug.cgi?id=1158647

https://bugzilla.suse.com/show_bug.cgi?id=1158649

https://bugzilla.suse.com/show_bug.cgi?id=1158651

https://bugzilla.suse.com/show_bug.cgi?id=1158652

https://bugzilla.suse.com/show_bug.cgi?id=1158819

https://bugzilla.suse.com/show_bug.cgi?id=1158823

https://bugzilla.suse.com/show_bug.cgi?id=1158824

https://bugzilla.suse.com/show_bug.cgi?id=1158827

https://bugzilla.suse.com/show_bug.cgi?id=1158834

https://bugzilla.suse.com/show_bug.cgi?id=1158893

https://bugzilla.suse.com/show_bug.cgi?id=1158900

https://bugzilla.suse.com/show_bug.cgi?id=1158903

https://bugzilla.suse.com/show_bug.cgi?id=1158904

https://bugzilla.suse.com/show_bug.cgi?id=1158954

https://bugzilla.suse.com/show_bug.cgi?id=1159024

https://bugzilla.suse.com/show_bug.cgi?id=1159028

https://bugzilla.suse.com/show_bug.cgi?id=1159297

https://bugzilla.suse.com/show_bug.cgi?id=1159377

https://bugzilla.suse.com/show_bug.cgi?id=1159394

https://bugzilla.suse.com/show_bug.cgi?id=1159483

https://bugzilla.suse.com/show_bug.cgi?id=1159484

https://bugzilla.suse.com/show_bug.cgi?id=1159500

https://bugzilla.suse.com/show_bug.cgi?id=1159569

https://bugzilla.suse.com/show_bug.cgi?id=1159588

https://bugzilla.suse.com/show_bug.cgi?id=1159841

https://bugzilla.suse.com/show_bug.cgi?id=1159908

https://bugzilla.suse.com/show_bug.cgi?id=1159909

https://bugzilla.suse.com/show_bug.cgi?id=1159910

https://bugzilla.suse.com/show_bug.cgi?id=1159911

https://bugzilla.suse.com/show_bug.cgi?id=1159955

https://bugzilla.suse.com/show_bug.cgi?id=1160147

https://bugzilla.suse.com/show_bug.cgi?id=1160195

https://bugzilla.suse.com/show_bug.cgi?id=1160210

https://bugzilla.suse.com/show_bug.cgi?id=1160211

https://bugzilla.suse.com/show_bug.cgi?id=1160433

https://bugzilla.suse.com/show_bug.cgi?id=1160442

https://bugzilla.suse.com/show_bug.cgi?id=1160469

https://bugzilla.suse.com/show_bug.cgi?id=1160470

https://bugzilla.suse.com/show_bug.cgi?id=1160476

https://bugzilla.suse.com/show_bug.cgi?id=1160560

https://bugzilla.suse.com/show_bug.cgi?id=1160618

https://bugzilla.suse.com/show_bug.cgi?id=1160678

https://bugzilla.suse.com/show_bug.cgi?id=1160755

https://bugzilla.suse.com/show_bug.cgi?id=1160756

https://bugzilla.suse.com/show_bug.cgi?id=1160784

https://bugzilla.suse.com/show_bug.cgi?id=1160787

https://bugzilla.suse.com/show_bug.cgi?id=1160802

https://bugzilla.suse.com/show_bug.cgi?id=1160803

https://bugzilla.suse.com/show_bug.cgi?id=1160804

https://bugzilla.suse.com/show_bug.cgi?id=1160917

https://bugzilla.suse.com/show_bug.cgi?id=1160966

https://bugzilla.suse.com/show_bug.cgi?id=1161087

https://bugzilla.suse.com/show_bug.cgi?id=1161243

https://bugzilla.suse.com/show_bug.cgi?id=1161472

https://www.suse.com/security/cve/CVE-2019-19065/

https://www.suse.com/security/cve/CVE-2019-19066/

https://www.suse.com/security/cve/CVE-2019-19067/

https://www.suse.com/security/cve/CVE-2019-19068/

https://www.suse.com/security/cve/CVE-2019-19073/

https://www.suse.com/security/cve/CVE-2019-19074/

https://www.suse.com/security/cve/CVE-2019-19075/

https://www.suse.com/security/cve/CVE-2019-19077/

https://www.suse.com/security/cve/CVE-2019-19078/

https://www.suse.com/security/cve/CVE-2019-19080/

https://www.suse.com/security/cve/CVE-2019-19081/

https://www.suse.com/security/cve/CVE-2019-19082/

https://www.suse.com/security/cve/CVE-2019-19083/

https://www.suse.com/security/cve/CVE-2019-19227/

https://www.suse.com/security/cve/CVE-2019-19318/

https://www.suse.com/security/cve/CVE-2019-19319/

https://www.suse.com/security/cve/CVE-2019-19332/

https://www.suse.com/security/cve/CVE-2019-19338/

https://www.suse.com/security/cve/CVE-2019-19447/

https://www.suse.com/security/cve/CVE-2019-19523/

https://www.suse.com/security/cve/CVE-2019-19524/

https://www.suse.com/security/cve/CVE-2019-19525/

https://www.suse.com/security/cve/CVE-2019-19526/

https://www.suse.com/security/cve/CVE-2019-19527/

https://www.suse.com/security/cve/CVE-2019-19528/

https://www.suse.com/security/cve/CVE-2019-19529/

https://www.suse.com/security/cve/CVE-2019-19530/

https://www.suse.com/security/cve/CVE-2019-19531/

https://www.suse.com/security/cve/CVE-2019-19532/

https://www.suse.com/security/cve/CVE-2019-19533/

https://www.suse.com/security/cve/CVE-2019-19534/

https://www.suse.com/security/cve/CVE-2019-19535/

https://www.suse.com/security/cve/CVE-2019-19536/

https://www.suse.com/security/cve/CVE-2019-19537/

https://www.suse.com/security/cve/CVE-2019-19543/

https://www.suse.com/security/cve/CVE-2019-19767/

https://www.suse.com/security/cve/CVE-2019-19927/

https://www.suse.com/security/cve/CVE-2019-19965/

https://www.suse.com/security/cve/CVE-2019-19966/

https://www.suse.com/security/cve/CVE-2019-20054/

https://www.suse.com/security/cve/CVE-2019-20095/

https://www.suse.com/security/cve/CVE-2019-20096/

https://www.suse.com/security/cve/CVE-2020-8428/

http://www.nessus.org/u?e18d9374

https://www.suse.com/security/cve/CVE-2020-7053/

Plugin Details

Severity: Critical

ID: 134363

File Name: suse_SU-2020-0613-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 3/10/2020

Updated: 3/22/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-14901

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2019-16746

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-livepatch-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug, p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-extra, p-cpe:/a:novell:suse_linux:kernel-rt_debug-base-debuginfo, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra, p-cpe:/a:novell:suse_linux:dlm-kmp-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:kernel-rt-debugsource, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo, p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-extra-debuginfo, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:kernel-rt_debug-extra-debuginfo, p-cpe:/a:novell:suse_linux:kselftests-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt_debug, p-cpe:/a:novell:suse_linux:reiserfs-kmp-rt, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-rt_debug-livepatch-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt_debug, p-cpe:/a:novell:suse_linux:kselftests-kmp-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kselftests-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-base, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt_debug-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/9/2020

Vulnerability Publication Date: 8/19/2019

Reference Information

CVE: CVE-2019-14615, CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901, CVE-2019-15213, CVE-2019-16746, CVE-2019-16994, CVE-2019-18660, CVE-2019-18683, CVE-2019-18808, CVE-2019-18809, CVE-2019-19036, CVE-2019-19045, CVE-2019-19046, CVE-2019-19049, CVE-2019-19051, CVE-2019-19052, CVE-2019-19054, CVE-2019-19056, CVE-2019-19057, CVE-2019-19058, CVE-2019-19060, CVE-2019-19062, CVE-2019-19063, CVE-2019-19065, CVE-2019-19066, CVE-2019-19067, CVE-2019-19068, CVE-2019-19073, CVE-2019-19074, CVE-2019-19075, CVE-2019-19077, CVE-2019-19078, CVE-2019-19080, CVE-2019-19081, CVE-2019-19082, CVE-2019-19083, CVE-2019-19227, CVE-2019-19318, CVE-2019-19319, CVE-2019-19332, CVE-2019-19338, CVE-2019-19447, CVE-2019-19523, CVE-2019-19524, CVE-2019-19525, CVE-2019-19526, CVE-2019-19527, CVE-2019-19528, CVE-2019-19529, CVE-2019-19530, CVE-2019-19531, CVE-2019-19532, CVE-2019-19533, CVE-2019-19534, CVE-2019-19535, CVE-2019-19536, CVE-2019-19537, CVE-2019-19543, CVE-2019-19767, CVE-2019-19927, CVE-2019-19965, CVE-2019-19966, CVE-2019-20054, CVE-2019-20095, CVE-2019-20096, CVE-2020-7053, CVE-2020-8428