
Test ID:
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2019:13979-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:13979-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:
CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial
of service (system crash) because there is a race condition between
direct and memory-mapped I/O (associated with a hole) that is handled
with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010).

CVE-2017-18360: In change_port_settings in drivers/usb/serial/io_ti.c
local users could cause a denial of service by division-by-zero in the
serial device layer by trying to set very high baud rates (bnc#1123706).

CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
corruption due to type confusion. This could lead to local escalation of
privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. (bnc#1118319).

CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c
allowed local users to cause a denial of service (NULL pointer
dereference and BUG) via crafted system calls that reach a situation
where ioapic is uninitialized (bnc#1116841).

CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
driver by supplying a malicious USB Sound device (with zero interfaces)
that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).

CVE-2018-19985: The function hso_probe read if_num from the USB device
(as a u8) and used it without a length check to index an array,
resulting in an OOB memory read in hso_probe or hso_get_config_data that
could be used by local attackers (bnc#1120743).

CVE-2018-20169: The USB subsystem mishandled size checks during the
reading of an extra descriptor, related to __usb_get_extra_descriptor in
drivers/usb/core/usb.c (bnc#1119714).

CVE-2019-7222: An information leak in exception handling in KVM could be
used to expose host memory to guests. (bnc#1124735).

The following non-security bugs were fixed:
aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827).

arcmsr: upper 32 of dma address lost (bsc#1115828).

block/swim3: Fix -EBUSY error when re-opening device after unmount

block/swim: Fix array bounds check (Git-fix).

btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency
for bsc#1113667).

btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).

cpusets, isolcpus: exclude isolcpus from load balancing in cpusets

dasd: fix deadlock in dasd_times_out (bnc#1117943, LTC#174111).

drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl()

drm/ast: Remove existing framebuffers before loading driver (boo#1112963)

drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock

ext4: add missing brelse() update_backups()'s error path (bsc#1117796).

ext4: avoid buffer leak in ext4_orphan_add() after prior errors
... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Real Time Extension 11-SP4, SUSE Linux Enterprise High Availability Extension 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-9568
RedHat Security Advisories: RHSA-2019:0512
RedHat Security Advisories: RHSA-2019:0514
RedHat Security Advisories: RHSA-2019:2696
RedHat Security Advisories: RHSA-2019:2730
RedHat Security Advisories: RHSA-2019:2736
RedHat Security Advisories: RHSA-2019:3967
RedHat Security Advisories: RHSA-2019:4056
RedHat Security Advisories: RHSA-2019:4159
RedHat Security Advisories: RHSA-2019:4164
RedHat Security Advisories: RHSA-2019:4255
Common Vulnerability Exposure (CVE) ID: CVE-2019-7222
BugTraq ID: 106963
RedHat Security Advisories: RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
RedHat Security Advisories: RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
SuSE Security Announcement: SUSE-SA-2019:0203-1
Copyright: Copyright (C) 2021 Greenbone Networks GmbH


© 1998-2021 E-Soft Inc. All rights reserved.