Detections
Analytics
SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3014-1)
high Nessus Plugin ID 143784
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes.The following security bugs were fixed :
CVE-2020-25643: Added range checks in ppp_cp_parse_cr() (bsc#1177206).
CVE-2020-25641: Allowed for_each_bvec to support zero len bvec (bsc#1177121).
CVE-2020-25645: Added transport ports in route lookup for geneve (bsc#1177511).
CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause (bsc#1176423).
CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#1176725).
CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check (bsc#1176722).
CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc#1176721).
CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references (bsc#1176011).
CVE-2020-14386: Fixed a memory corruption which could have been exploited to gain root privileges from unprivileged processes (bsc#1176069).
CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size (bnc#1176235).
CVE-2020-1749: Use ip6_dst_lookup_flow instead of ip6_dst_lookup (bsc#1165629).
CVE-2020-25212: Fixed getxattr kernel panic and memory overflow (bsc#1176381).
CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices (bsc#1176482).
CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms (bsc#1176990).
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Realtime 15-SP1 :
zypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-3014=1
See Also
https://bugzilla.suse.com/show_bug.cgi?id=1055186
https://bugzilla.suse.com/show_bug.cgi?id=1058115
https://bugzilla.suse.com/show_bug.cgi?id=1065600
https://bugzilla.suse.com/show_bug.cgi?id=1065729
https://bugzilla.suse.com/show_bug.cgi?id=1094244
https://bugzilla.suse.com/show_bug.cgi?id=1112178
https://bugzilla.suse.com/show_bug.cgi?id=1113956
https://bugzilla.suse.com/show_bug.cgi?id=1136666
https://bugzilla.suse.com/show_bug.cgi?id=1140683
https://bugzilla.suse.com/show_bug.cgi?id=1152148
https://bugzilla.suse.com/show_bug.cgi?id=1154366
https://bugzilla.suse.com/show_bug.cgi?id=1163524
https://bugzilla.suse.com/show_bug.cgi?id=1165629
https://bugzilla.suse.com/show_bug.cgi?id=1166965
https://bugzilla.suse.com/show_bug.cgi?id=1167527
https://bugzilla.suse.com/show_bug.cgi?id=1169972
https://bugzilla.suse.com/show_bug.cgi?id=1170232
https://bugzilla.suse.com/show_bug.cgi?id=1171558
https://bugzilla.suse.com/show_bug.cgi?id=1171688
https://bugzilla.suse.com/show_bug.cgi?id=1171742
https://bugzilla.suse.com/show_bug.cgi?id=1172073
https://bugzilla.suse.com/show_bug.cgi?id=1172538
https://bugzilla.suse.com/show_bug.cgi?id=1172873
https://bugzilla.suse.com/show_bug.cgi?id=1173060
https://bugzilla.suse.com/show_bug.cgi?id=1173115
https://bugzilla.suse.com/show_bug.cgi?id=1174748
https://bugzilla.suse.com/show_bug.cgi?id=1174899
https://bugzilla.suse.com/show_bug.cgi?id=1175228
https://bugzilla.suse.com/show_bug.cgi?id=1175520
https://bugzilla.suse.com/show_bug.cgi?id=1175667
https://bugzilla.suse.com/show_bug.cgi?id=1175691
https://bugzilla.suse.com/show_bug.cgi?id=1175749
https://bugzilla.suse.com/show_bug.cgi?id=1175882
https://bugzilla.suse.com/show_bug.cgi?id=1176011
https://bugzilla.suse.com/show_bug.cgi?id=1176022
https://bugzilla.suse.com/show_bug.cgi?id=1176038
https://bugzilla.suse.com/show_bug.cgi?id=1176069
https://bugzilla.suse.com/show_bug.cgi?id=1176235
https://bugzilla.suse.com/show_bug.cgi?id=1176242
https://bugzilla.suse.com/show_bug.cgi?id=1176278
https://bugzilla.suse.com/show_bug.cgi?id=1176316
https://bugzilla.suse.com/show_bug.cgi?id=1176317
https://bugzilla.suse.com/show_bug.cgi?id=1176318
https://bugzilla.suse.com/show_bug.cgi?id=1176319
https://bugzilla.suse.com/show_bug.cgi?id=1176320
https://bugzilla.suse.com/show_bug.cgi?id=1176321
https://bugzilla.suse.com/show_bug.cgi?id=1176381
https://bugzilla.suse.com/show_bug.cgi?id=1176395
https://bugzilla.suse.com/show_bug.cgi?id=1176400
https://bugzilla.suse.com/show_bug.cgi?id=1176410
https://bugzilla.suse.com/show_bug.cgi?id=1176423
https://bugzilla.suse.com/show_bug.cgi?id=1176482
https://bugzilla.suse.com/show_bug.cgi?id=1176507
https://bugzilla.suse.com/show_bug.cgi?id=1176536
https://bugzilla.suse.com/show_bug.cgi?id=1176544
https://bugzilla.suse.com/show_bug.cgi?id=1176545
https://bugzilla.suse.com/show_bug.cgi?id=1176546
https://bugzilla.suse.com/show_bug.cgi?id=1176548
https://bugzilla.suse.com/show_bug.cgi?id=1176659
https://bugzilla.suse.com/show_bug.cgi?id=1176698
https://bugzilla.suse.com/show_bug.cgi?id=1176699
https://bugzilla.suse.com/show_bug.cgi?id=1176700
https://bugzilla.suse.com/show_bug.cgi?id=1176721
https://bugzilla.suse.com/show_bug.cgi?id=1176722
https://bugzilla.suse.com/show_bug.cgi?id=1176725
https://bugzilla.suse.com/show_bug.cgi?id=1176732
https://bugzilla.suse.com/show_bug.cgi?id=1176788
https://bugzilla.suse.com/show_bug.cgi?id=1176789
https://bugzilla.suse.com/show_bug.cgi?id=1176869
https://bugzilla.suse.com/show_bug.cgi?id=1176877
https://bugzilla.suse.com/show_bug.cgi?id=1176935
https://bugzilla.suse.com/show_bug.cgi?id=1176946
https://bugzilla.suse.com/show_bug.cgi?id=1176950
https://bugzilla.suse.com/show_bug.cgi?id=1176962
https://bugzilla.suse.com/show_bug.cgi?id=1176966
https://bugzilla.suse.com/show_bug.cgi?id=1176990
https://bugzilla.suse.com/show_bug.cgi?id=1177027
https://bugzilla.suse.com/show_bug.cgi?id=1177030
https://bugzilla.suse.com/show_bug.cgi?id=1177041
https://bugzilla.suse.com/show_bug.cgi?id=1177042
https://bugzilla.suse.com/show_bug.cgi?id=1177043
https://bugzilla.suse.com/show_bug.cgi?id=1177044
https://bugzilla.suse.com/show_bug.cgi?id=1177121
https://bugzilla.suse.com/show_bug.cgi?id=1177206
https://bugzilla.suse.com/show_bug.cgi?id=1177258
https://bugzilla.suse.com/show_bug.cgi?id=1177291
https://bugzilla.suse.com/show_bug.cgi?id=1177293
https://bugzilla.suse.com/show_bug.cgi?id=1177294
https://bugzilla.suse.com/show_bug.cgi?id=1177295
https://bugzilla.suse.com/show_bug.cgi?id=1177296
https://bugzilla.suse.com/show_bug.cgi?id=1177340
https://bugzilla.suse.com/show_bug.cgi?id=1177511
https://www.suse.com/security/cve/CVE-2020-0404/
https://www.suse.com/security/cve/CVE-2020-0427/
https://www.suse.com/security/cve/CVE-2020-0431/
https://www.suse.com/security/cve/CVE-2020-0432/
https://www.suse.com/security/cve/CVE-2020-14381/
https://www.suse.com/security/cve/CVE-2020-14386/
https://www.suse.com/security/cve/CVE-2020-14390/
https://www.suse.com/security/cve/CVE-2020-1749/
https://www.suse.com/security/cve/CVE-2020-25212/
https://www.suse.com/security/cve/CVE-2020-25284/
https://www.suse.com/security/cve/CVE-2020-25641/
https://www.suse.com/security/cve/CVE-2020-25643/
https://www.suse.com/security/cve/CVE-2020-25645/
Plugin Details
Severity: High
ID: 143784
File Name: suse_SU-2020-3014-1.nasl
Version: 1.4
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 12/9/2020
Updated: 2/5/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C
CVSS Score Source: CVE-2020-25643
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2020-14386
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo, p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-debugsource, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/23/2020
Vulnerability Publication Date: 9/9/2020
Reference Information
CVE: CVE-2020-0404, CVE-2020-0427, CVE-2020-0431, CVE-2020-0432, CVE-2020-14381, CVE-2020-14386, CVE-2020-14390, CVE-2020-1749, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641, CVE-2020-25643, CVE-2020-25645, CVE-2020-26088