Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2019.2658.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2019:2658-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:2658-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:2658-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP1 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
CVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c.
There was an out of bounds write in the function i2c_smbus_xfer_emulated
(bnc#1146163).

CVE-2017-18595: A double free may be caused by the function
allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).

CVE-2018-20976: An issue was discovered in fs/xfs/xfs_super.c. A use
after free exists, related to xfs_fs_fill_super failure (bnc#1146285).

CVE-2018-21008: A use-after-free could have been caused by the function
rsi_mac80211_detach in the file
drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).

CVE-2019-10207: A local denial of service using
HCIUARTSETPROTO/HCI_UART_MRVL was fixed (bnc#1123959 bnc#1142857).

CVE-2019-11477: Jonathan Looney discovered that the
TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow
in the Linux kernel when handling TCP Selective Acknowledgments (SACKs).
A remote attacker could use this to cause a denial of service.
(bnc#1132686 bnc#1137586).

CVE-2019-14814: There was a heap-based buffer overflow in the Marvell
wifi chip driver, that allowed local users to cause a denial of service
(system crash) or possibly execute arbitrary code (bnc#1146512).

CVE-2019-14814: There was a heap-based buffer overflow in the Marvell
wifi chip driver, that allowed local users to cause a denial of service
(system crash) or possibly execute arbitrary code (bnc#1146512).

CVE-2019-14816: There was a heap-based buffer overflow in the Marvell
wifi chip driver, that allowed local users to cause a denial of service
(system crash) or possibly execute arbitrary code (bnc#1146516).

CVE-2019-14821: An out-of-bounds access issue was found in the way Linux
kernel's KVM hypervisor implements the coalesced MMIO write operation.
It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object,
wherein write indices 'ring->first' and 'ring->last' value could be
supplied by a host user-space process. An unprivileged host user or
process with access to '/dev/kvm' device could use this flaw to crash
the host kernel, resulting in a denial of service or potentially
escalating privileges on the system (bnc#1151350).

CVE-2019-14835: A buffer overflow flaw was found in the way Linux
kernel's vhost functionality that translates virtqueue buffers to IOVs,
logged the buffer descriptors during migration. A privileged guest user
able to pass descriptors with invalid length to the host when migration
is underway, could have used this flaw to increase their privileges on
the host (bnc#1150112).

CVE-2019-15030: In the Linux kernel on the powerpc platform, a local
user could have read vector registers of other users' processes via a
Facility Unavailable exception. To exploit the venerability, a local
use... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Public Cloud 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-9456
https://source.android.com/security/bulletin/pixel/2019-09-01
SuSE Security Announcement: openSUSE-SU-2019:2173 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
SuSE Security Announcement: openSUSE-SU-2019:2181 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-9506
CERT/CC vulnerability note: VU#918987
https://www.kb.cert.org/vuls/id/918987/
http://seclists.org/fulldisclosure/2019/Aug/11
http://seclists.org/fulldisclosure/2019/Aug/13
http://seclists.org/fulldisclosure/2019/Aug/14
http://seclists.org/fulldisclosure/2019/Aug/15
http://www.cs.ox.ac.uk/publications/publication12404-abstract.html
https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
RedHat Security Advisories: RHSA-2019:2975
https://access.redhat.com/errata/RHSA-2019:2975
RedHat Security Advisories: RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3055
RedHat Security Advisories: RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3076
RedHat Security Advisories: RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2019:3089
RedHat Security Advisories: RHSA-2019:3165
https://access.redhat.com/errata/RHSA-2019:3165
RedHat Security Advisories: RHSA-2019:3187
https://access.redhat.com/errata/RHSA-2019:3187
RedHat Security Advisories: RHSA-2019:3217
https://access.redhat.com/errata/RHSA-2019:3217
RedHat Security Advisories: RHSA-2019:3218
https://access.redhat.com/errata/RHSA-2019:3218
RedHat Security Advisories: RHSA-2019:3220
https://access.redhat.com/errata/RHSA-2019:3220
RedHat Security Advisories: RHSA-2019:3231
https://access.redhat.com/errata/RHSA-2019:3231
RedHat Security Advisories: RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3517
RedHat Security Advisories: RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0204
SuSE Security Announcement: openSUSE-SU-2019:2307 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
SuSE Security Announcement: openSUSE-SU-2019:2308 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
https://usn.ubuntu.com/4147-1/
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.