Test ID: 1.3.6.1.4.1.25623.1.1.4.2019.2651.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2019:2651-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:2651-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 15 for Azure kernel was updated to receive various security fixes and bug fixes.

The following security bugs were fixed:
CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c.
There was an out-of-bounds write in the function i2c_smbus_xfer_emulated
(bnc#1146163).

CVE-2017-18595: A double free may be caused by the function
allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).

CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A
use-after-free exists, related to xfs_fs_fill_super failure (bnc#1146285).

CVE-2018-21008: A use-after-free could have been caused by the function
rsi_mac80211_detach in the file
drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).

CVE-2019-9456: In the Pixel C USB monitor driver there was a possible
OOB write due to a missing bounds check. This could have led to local
escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation (bnc#1150025).

CVE-2019-9506: The Bluetooth BR/EDR specification up to and including
version 5.1 permitted sufficiently low encryption key length and did not
prevent an attacker from influencing the key length negotiation. This
allowed practical brute-force attacks (aka 'KNOB') that could decrypt
traffic and inject arbitrary ciphertext without the victim noticing
(bnc#1137865 bnc#1146042).

CVE-2019-14814: There was a heap-based buffer overflow in the Marvell
wifi chip driver that allowed local users to cause a denial of service
(system crash) or possibly execute arbitrary code (bnc#1146512).

CVE-2019-14816: There was a heap-based buffer overflow in the Marvell
wifi chip driver that allowed local users to cause a denial of service
(system crash) or possibly execute arbitrary code (bnc#1146516).

CVE-2019-14821: An out-of-bounds access issue was found in the way the
Linux kernel's KVM hypervisor implements the coalesced MMIO write operation.
It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object,
wherein the write indices 'ring->first' and 'ring->last' could be
supplied by a host user-space process. An unprivileged host user or
process with access to the '/dev/kvm' device could use this flaw to crash
the host kernel, resulting in a denial of service, or potentially
escalate privileges on the system (bnc#1151350).

CVE-2019-14835: A buffer overflow flaw was found in the way the Linux
kernel's vhost functionality, which translates virtqueue buffers to IOVs,
logged the buffer descriptors during migration. A privileged guest user
able to pass descriptors with invalid length to the host when migration
is underway could have used this flaw to increase their priv... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Public Cloud 15

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2019-9456
https://source.android.com/security/bulletin/pixel/2019-09-01
SuSE Security Announcement: openSUSE-SU-2019:2173
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
SuSE Security Announcement: openSUSE-SU-2019:2181
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-9506
CERT/CC vulnerability note: VU#918987
https://www.kb.cert.org/vuls/id/918987/
http://seclists.org/fulldisclosure/2019/Aug/11
http://seclists.org/fulldisclosure/2019/Aug/13
http://seclists.org/fulldisclosure/2019/Aug/14
http://seclists.org/fulldisclosure/2019/Aug/15
http://www.cs.ox.ac.uk/publications/publication12404-abstract.html
https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
RedHat Security Advisories: RHSA-2019:2975
https://access.redhat.com/errata/RHSA-2019:2975
RedHat Security Advisories: RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3055
RedHat Security Advisories: RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3076
RedHat Security Advisories: RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2019:3089
RedHat Security Advisories: RHSA-2019:3165
https://access.redhat.com/errata/RHSA-2019:3165
RedHat Security Advisories: RHSA-2019:3187
https://access.redhat.com/errata/RHSA-2019:3187
RedHat Security Advisories: RHSA-2019:3217
https://access.redhat.com/errata/RHSA-2019:3217
RedHat Security Advisories: RHSA-2019:3218
https://access.redhat.com/errata/RHSA-2019:3218
RedHat Security Advisories: RHSA-2019:3220
https://access.redhat.com/errata/RHSA-2019:3220
RedHat Security Advisories: RHSA-2019:3231
https://access.redhat.com/errata/RHSA-2019:3231
RedHat Security Advisories: RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3517
RedHat Security Advisories: RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0204
SuSE Security Announcement: openSUSE-SU-2019:2307
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
SuSE Security Announcement: openSUSE-SU-2019:2308
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
https://usn.ubuntu.com/4147-1/
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.