
Test ID: 1.3.6.1.4.1.25623.1.1.4.2019.2424.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2019:2424-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:2424-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security fixes and bugfixes.

The following new features were implemented:
jsc#SLE-4875: [CML] New device IDs for CML

jsc#SLE-7294: Add cpufreq driver for Raspberry Pi

fate#326869: perf: pmu mem_load/store event support

fate#327380: KVM: Add hardware CPU Model - kernel part

fate#327377: KVM: Support for configurable virtio-crypto

fate#327775: vpmem: DRAM backed persistent volumes for improved SAP HANA
on POWER restart times

fate#326472: Marvell Armada 7K/8K Ethernet (incl. 10G) kernel enablement

fate#326416: Hi1620 (Vendor: Huawei): RDMA kernel enablement

fate#326415: Hi1620 (Vendor: Huawei): HNS3 (100G) network kernel
enablement

The following security bugs were fixed:
CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112).

CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB
device in the drivers/usb/misc/yurex.c driver. (bsc#1146361).

CVE-2019-15924: Fix a NULL pointer dereference because there was no
-ENOMEM upon an alloc_workqueue failure. (bsc#1149612).

CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB
write due to a missing bounds check. This could have led to local
escalation of privilege with System execution privileges needed.
(bsc#1150025 CVE-2019-9456).

CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user
could read vector registers of other users' processes via an interrupt.
(bsc#1149713)

CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free.
(bsc#1149626)

CVE-2019-15921: There was a memory leak issue when idr_alloc() failed
(bsc#1149602)

CVE-2018-21008: A use-after-free can be caused by the function
rsi_mac80211_detach (bsc#1149591).

CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free.
(bsc#1149552)

CVE-2019-15917: There was a use-after-free issue when
hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539)

CVE-2019-15926: Out of bounds access existed in the functions
ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx
(bsc#1149527)

CVE-2019-15927: An out-of-bounds access existed in the function
build_audio_procunit (bsc#1149522)

CVE-2019-15902: A backporting error reintroduced the Spectre
vulnerability that it aimed to eliminate. (bnc#1149376)

CVE-2019-15666: There was an out-of-bounds array access in
__xfrm_policy_unlink, which would cause denial of service, because
verify_newpolicy_info mishandled directory validation. (bsc#1148394).

CVE-2019-15219: There was a NULL pointer dereference caused by a
malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.
(bsc#1146524)

CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based
buffer overflows in the Marvell wifi chip kernel driver that allowed local
users to cause a denial of service (system crash) or possibly execute
arbitrary code. (bnc#1146516... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Live Patching 15-SP1, SUSE Linux Enterprise Module for Legacy Software 15-SP1, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1, SUSE Linux Enterprise High Availability 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-9456
https://source.android.com/security/bulletin/pixel/2019-09-01
SuSE Security Announcement: openSUSE-SU-2019:2173
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
SuSE Security Announcement: openSUSE-SU-2019:2181
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
