Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2019.13979.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2019:13979-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:13979-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:13979-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
CVE-2016-10741: fs/xfs/xfs_aops.c allowed local users to cause a denial
of service (system crash) because there is a race condition between
direct and memory-mapped I/O (associated with a hole) that is handled
with BUG_ON instead of an I/O failure (bnc#1114920 bnc#1124010).

CVE-2017-18360: In change_port_settings in drivers/usb/serial/io_ti.c
local users could cause a denial of service by division-by-zero in the
serial device layer by trying to set very high baud rates (bnc#1123706).

CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
corruption due to type confusion. This could lead to local escalation of
privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. (bnc#1118319).

CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c
allowed local users to cause a denial of service (NULL pointer
dereference and BUG) via crafted system calls that reach a situation
where ioapic is uninitialized (bnc#1116841).

CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
driver by supplying a malicious USB Sound device (with zero interfaces)
that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).

CVE-2018-19985: The function hso_probe read if_num from the USB device
(as an u8) and used it without a length check to index an array,
resulting in an OOB memory read in hso_probe or hso_get_config_data that
could be used by local attackers (bnc#1120743).

CVE-2018-20169: The USB subsystem mishandled size checks during the
reading of an extra descriptor, related to __usb_get_extra_descriptor in
drivers/usb/core/usb.c (bnc#1119714).

CVE-2019-7222: A information leak in exception handling in KVM could be
used to expose host memory to guests. (bnc#1124735).

The following non-security bugs were fixed:
aacraid: Fix memory leak in aac_fib_map_free (bsc#1115827).

arcmsr: upper 32 of dma address lost (bsc#1115828).

block/swim3: Fix -EBUSY error when re-opening device after unmount
(bsc#1121997).

block/swim: Fix array bounds check (Git-fix).

btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency
for bsc#1113667).

btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).

cpusets, isolcpus: exclude isolcpus from load balancing in cpusets
(bsc#1119255).

dasd: fix deadlock in dasd_times_out (bnc#1117943, LTC#174111).

drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl()
(bsc#1104098).

drm/ast: Remove existing framebuffers before loading driver (boo#1112963)

drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
(bsc#1106886)

ext4: add missing brelse() update_backups()'s error path (bsc#1117796).

ext4: avoid buffer leak in ext4_orphan_add() after prior errors
... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Real Time Extension 11-SP4, SUSE Linux Enterprise High Availability Extension 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-9568
RedHat Security Advisories: RHSA-2019:0512
https://access.redhat.com/errata/RHSA-2019:0512
RedHat Security Advisories: RHSA-2019:0514
https://access.redhat.com/errata/RHSA-2019:0514
RedHat Security Advisories: RHSA-2019:2696
https://access.redhat.com/errata/RHSA-2019:2696
RedHat Security Advisories: RHSA-2019:2730
https://access.redhat.com/errata/RHSA-2019:2730
RedHat Security Advisories: RHSA-2019:2736
https://access.redhat.com/errata/RHSA-2019:2736
RedHat Security Advisories: RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:3967
RedHat Security Advisories: RHSA-2019:4056
https://access.redhat.com/errata/RHSA-2019:4056
RedHat Security Advisories: RHSA-2019:4159
https://access.redhat.com/errata/RHSA-2019:4159
RedHat Security Advisories: RHSA-2019:4164
https://access.redhat.com/errata/RHSA-2019:4164
RedHat Security Advisories: RHSA-2019:4255
https://access.redhat.com/errata/RHSA-2019:4255
https://usn.ubuntu.com/3880-1/
https://usn.ubuntu.com/3880-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-7222
BugTraq ID: 106963
http://www.securityfocus.com/bid/106963
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/
http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html
https://github.com/torvalds/linux/commits/master/arch/x86/kvm
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
http://www.openwall.com/lists/oss-security/2019/02/18/2
RedHat Security Advisories: RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2043
RedHat Security Advisories: RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3517
SuSE Security Announcement: SUSE-SA-2019:0203-1 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html
https://usn.ubuntu.com/3930-1/
https://usn.ubuntu.com/3930-2/
https://usn.ubuntu.com/3931-1/
https://usn.ubuntu.com/3931-2/
https://usn.ubuntu.com/3932-1/
https://usn.ubuntu.com/3932-2/
https://usn.ubuntu.com/3933-1/
https://usn.ubuntu.com/3933-2/
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.