|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2019:2424-1)|
|Summary:||The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:2424-1 advisory.|
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bug fixes.
The following new features were implemented:
jsc#SLE-4875: [CML] New device IDs for CML
jsc#SLE-7294: Add cpufreq driver for Raspberry Pi
fate#326869: perf: pmu mem_load/store event support
fate#327380: KVM: Add hardware CPU Model - kernel part
fate#327377: KVM: Support for configurable virtio-crypto
fate#327775: vpmem: DRAM backed persistent volumes for improved SAP HANA
on POWER restart times
fate#326472: Marvell Armada 7K/8K Ethernet (incl. 10G) kernel enablement
fate#326416: Hi1620 (Vendor: Huawei): RDMA kernel enablement
fate#326415: Hi1620 (Vendor: Huawei): HNS3 (100G) network kernel
The following security bugs were fixed:
CVE-2019-14835: Fix QEMU-KVM Guest to Host Kernel Escape. (bsc#1150112).
CVE-2019-15216: Fix a NULL pointer dereference caused by a malicious USB
device in the drivers/usb/misc/yurex.c driver. (bsc#1146361).
CVE-2019-15924: Fix a NULL pointer dereference because there was no
-ENOMEM upon an alloc_workqueue failure. (bsc#1149612).
CVE-2019-9456: In the Pixel C USB monitor driver there was a possible OOB
write due to a missing bounds check. This could have led to local
escalation of privilege with System execution privileges needed.
CVE-2019-15030, CVE-2019-15031: On the powerpc platform, a local user
could read vector registers of other users' processes via an interrupt.
CVE-2019-15920: SMB2_read in fs/cifs/smb2pdu.c had a use-after-free.
CVE-2019-15921: There was a memory leak issue when idr_alloc() failed
CVE-2018-21008: A use-after-free can be caused by the function
CVE-2019-15919: SMB2_write in fs/cifs/smb2pdu.c had a use-after-free.
CVE-2019-15917: There was a use-after-free issue when
hci_uart_register_dev() failed in hci_uart_set_proto() (bsc#1149539)
CVE-2019-15926: Out of bounds access existed in the functions
ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx
CVE-2019-15927: An out-of-bounds access existed in the function
CVE-2019-15902: A backporting error reintroduced the Spectre
vulnerability that it aimed to eliminate. (bnc#1149376)
CVE-2019-15666: There was an out-of-bounds array access in
__xfrm_policy_unlink, which would cause denial of service, because
verify_newpolicy_info mishandled directory validation. (bsc#1148394).
CVE-2019-15219: There was a NULL pointer dereference caused by a
malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.
CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Fix three heap-based
buffer overflows in the Marvell wifi chip driver in the kernel that allowed local
users to cause a denial of service (system crash) or possibly execute
arbitrary code. (bnc#1146516... [Please see the references for more information on the vulnerabilities]
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Live Patching 15-SP1, SUSE Linux Enterprise Module for Legacy Software 15-SP1, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1, SUSE Linux Enterprise High Availability 15-SP1
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2019-9456|
SuSE Security Announcement: openSUSE-SU-2019:2173
SuSE Security Announcement: openSUSE-SU-2019:2181
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|