Detections
Analytics
openSUSE Security Update : kernel (openSUSE-SU-2014:0840-1)
high Nessus Plugin ID 76228
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
The Linux kernel was updated to fix security issues and bugs.Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel did not check whether a certain length value is sufficiently large, which allowed local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the
__skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.
CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel used the reverse order in a certain subtraction, which allowed local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the
__skb_get_nlattr_nest function before the vulnerability was announced.
CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.
CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors.
CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
- ext4: Fix buffer double free in ext4_alloc_branch() (bnc#880599 bnc#876981).
- patches.fixes/firewire-01-net-fix-use-after-free.patch, patches.fixes/firewire-02-ohci-fix-probe-failure-with-ag ere-lsi-controllers.patch, patches.fixes/firewire-03-dont-use-prepare_delayed_work.
patch: Add missing bug reference (bnc#881697).
- firewire: don't use PREPARE_DELAYED_WORK.
- firewire: ohci: fix probe failure with Agere/LSI controllers.
- firewire: net: fix use after free.
- USB: OHCI: fix problem with global suspend on ATI controllers (bnc#868315).
- mm: revert 'page-writeback.c: subtract min_free_kbytes from dirtyable memory' (bnc#879792).
- usb: musb: tusb6010: Use musb->tusb_revision instead of tusb_get_revision call (bnc#872715).
- usb: musb: tusb6010: Add tusb_revision to struct musb to store the revision (bnc#872715).
- ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets (bnc#880613).
- floppy: do not corrupt bio.bi_flags when reading block 0 (bnc#879258).
- reiserfs: call truncate_setsize under tailpack mutex (bnc#878115).
- Update Xen config files: Set compatibility level back to 4.1 (bnc#851338).
- Update config files. Guillaume GARDET reported a broken build due to CONFIG_USB_SERIAL_GENERIC being modular
- memcg: deprecate memory.force_empty knob (bnc#878274).
- nfsd: when reusing an existing repcache entry, unhash it first (bnc#877721).
- Enable Socketcan again for i386 and x86_64 (bnc#858067)
- xhci: extend quirk for Renesas cards (bnc#877713).
- xhci: Fix resume issues on Renesas chips in Samsung laptops (bnc#877713).
- mm: try_to_unmap_cluster() should lock_page() before mlocking (bnc#876102, CVE-2014-3122).
- drm/i915, HD-audio: Don't continue probing when nomodeset is given (bnc#882648).
- x86/mm/numa: Fix 32-bit kernel NUMA boot (bnc#881727).
Solution
Update the affected kernel packages.See Also
https://bugzilla.novell.com/show_bug.cgi?id=851338
https://bugzilla.novell.com/show_bug.cgi?id=858067
https://bugzilla.novell.com/show_bug.cgi?id=868315
https://bugzilla.novell.com/show_bug.cgi?id=869563
https://bugzilla.novell.com/show_bug.cgi?id=870173
https://bugzilla.novell.com/show_bug.cgi?id=870576
https://bugzilla.novell.com/show_bug.cgi?id=871561
https://bugzilla.novell.com/show_bug.cgi?id=872715
https://bugzilla.novell.com/show_bug.cgi?id=873374
https://bugzilla.novell.com/show_bug.cgi?id=876102
https://bugzilla.novell.com/show_bug.cgi?id=876981
https://bugzilla.novell.com/show_bug.cgi?id=877257
https://bugzilla.novell.com/show_bug.cgi?id=877713
https://bugzilla.novell.com/show_bug.cgi?id=877721
https://bugzilla.novell.com/show_bug.cgi?id=878115
https://bugzilla.novell.com/show_bug.cgi?id=878274
https://bugzilla.novell.com/show_bug.cgi?id=879258
https://bugzilla.novell.com/show_bug.cgi?id=879792
https://bugzilla.novell.com/show_bug.cgi?id=880599
https://bugzilla.novell.com/show_bug.cgi?id=880613
https://bugzilla.novell.com/show_bug.cgi?id=880892
https://bugzilla.novell.com/show_bug.cgi?id=881697
https://bugzilla.novell.com/show_bug.cgi?id=881727
https://bugzilla.novell.com/show_bug.cgi?id=882648
https://lists.opensuse.org/opensuse-updates/2014-06/msg00050.html
Plugin Details
Severity: High
ID: 76228
File Name: openSUSE-2014-441.nasl
Version: 1.15
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/26/2014
Updated: 5/25/2022
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-desktop, p-cpe:/a:novell:opensuse:ipset-kmp-xen, p-cpe:/a:novell:opensuse:ndiswrapper, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:vhba-kmp-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae, p-cpe:/a:novell:opensuse:xen-tools-domu, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:virtualbox-devel, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-pae, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop, p-cpe:/a:novell:opensuse:crash-gcore, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-default, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:cloop-kmp-pae, p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:ipset-devel, p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:crash-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:crash-gcore-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default, p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:crash-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae, p-cpe:/a:novell:opensuse:pcfclock, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons, p-cpe:/a:novell:opensuse:cloop-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:pcfclock-debugsource, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default, p-cpe:/a:novell:opensuse:cloop, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop, p-cpe:/a:novell:opensuse:vhba-kmp-pae, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo, p-cpe:/a:novell:opensuse:crash-eppic, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:cloop-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:xen-xend-tools, p-cpe:/a:novell:opensuse:ipset-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-debugsource, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen, p-cpe:/a:novell:opensuse:virtualbox, p-cpe:/a:novell:opensuse:cloop-debuginfo, p-cpe:/a:novell:opensuse:crash, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-pae, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-qt, p-cpe:/a:novell:opensuse:ipset, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:crash-debuginfo, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:cloop-debugsource, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop, p-cpe:/a:novell:opensuse:iscsitarget-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-kmp-pae, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:crash-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:libipset3, p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae, p-cpe:/a:novell:opensuse:cloop-kmp-xen, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen, p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:ipset-debugsource, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:ndiswrapper-debugsource, p-cpe:/a:novell:opensuse:vhba-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae, p-cpe:/a:novell:opensuse:python-virtualbox, p-cpe:/a:novell:opensuse:crash-kmp-xen, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen, p-cpe:/a:novell:opensuse:virtualbox-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:libipset3-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-desktop, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-default, p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-debugsource, p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-default, p-cpe:/a:novell:opensuse:hdjmod-kmp-default, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:crash-eppic-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-default, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-tools, p-cpe:/a:novell:opensuse:virtualbox-guest-x11, p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-websrv, p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:vhba-kmp-xen, p-cpe:/a:novell:opensuse:xtables-addons-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-debugsource
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/19/2014
CISA Known Exploited Vulnerability Due Dates: 6/15/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Android "Towelroot" Futex Requeue Kernel Exploit)
Reference Information
CVE: CVE-2013-7339, CVE-2014-0055, CVE-2014-0077, CVE-2014-2678, CVE-2014-2851, CVE-2014-3122, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153
BID: 66351, 66441, 66543, 66678, 66779, 67162, 67309, 67321, 67906