Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2019.2710.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2019:2710-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:2710-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:2710-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
CVE-2017-18595: A double free may be caused by the function
allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).

CVE-2019-14821: An out-of-bounds access issue was found in the way Linux
kernel's KVM hypervisor implements the coalesced MMIO write operation.
It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object,
wherein write indices 'ring->first' and 'ring->last' value could be
supplied by a host user-space process. An unprivileged host user or
process with access to '/dev/kvm' device could use this flaw to crash
the host kernel, resulting in a denial of service or potentially
escalating privileges on the system (bnc#1151350).

CVE-2019-15291: There was a NULL pointer dereference caused by a
malicious USB device in the flexcop_usb_probe function in the
drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).

CVE-2019-9506: The Bluetooth BR/EDR specification up to and including
version 5.1 permitted sufficiently low encryption key length and did not
prevent an attacker from influencing the key length negotiation. This
allowed practical brute-force attacks (aka 'KNOB') that could decrypt
traffic and injected arbitrary ciphertext without the victim noticing
(bnc#1137865 bnc#1146042).

The following non-security bugs were fixed:
ACPI: custom_method: fix memory leaks (bsc#1051510).

ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510).

ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc
(bsc#1051510).

alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680).

ALSA: aoa: onyx: always initialize register read value (bsc#1051510).

ALSA: firewire-tascam: check intermediate state of clock status and
retry (bsc#1051510).

ALSA: firewire-tascam: handle error code when getting current source of
clock (bsc#1051510).

ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
(bsc#1051510).

ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510).

ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510).

ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510).

ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510).

ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet (bsc#1111666).

ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
(bsc#1051510).

atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08).

bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510).

blk-flush: do not run queue for requests bypassing flush (bsc#1137959).

blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959).

blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959).

blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling
(bsc#1151610).

blk-... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1, SUSE Linux Enterprise Module for Live Patching 15-SP1, SUSE Linux Enterprise Module for Legacy Software 15-SP1, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP1, SUSE Linux Enterprise High Availability 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-9506
CERT/CC vulnerability note: VU#918987
https://www.kb.cert.org/vuls/id/918987/
http://seclists.org/fulldisclosure/2019/Aug/11
http://seclists.org/fulldisclosure/2019/Aug/13
http://seclists.org/fulldisclosure/2019/Aug/14
http://seclists.org/fulldisclosure/2019/Aug/15
http://www.cs.ox.ac.uk/publications/publication12404-abstract.html
https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli
https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
RedHat Security Advisories: RHSA-2019:2975
https://access.redhat.com/errata/RHSA-2019:2975
RedHat Security Advisories: RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3055
RedHat Security Advisories: RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3076
RedHat Security Advisories: RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2019:3089
RedHat Security Advisories: RHSA-2019:3165
https://access.redhat.com/errata/RHSA-2019:3165
RedHat Security Advisories: RHSA-2019:3187
https://access.redhat.com/errata/RHSA-2019:3187
RedHat Security Advisories: RHSA-2019:3217
https://access.redhat.com/errata/RHSA-2019:3217
RedHat Security Advisories: RHSA-2019:3218
https://access.redhat.com/errata/RHSA-2019:3218
RedHat Security Advisories: RHSA-2019:3220
https://access.redhat.com/errata/RHSA-2019:3220
RedHat Security Advisories: RHSA-2019:3231
https://access.redhat.com/errata/RHSA-2019:3231
RedHat Security Advisories: RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3517
RedHat Security Advisories: RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0204
SuSE Security Announcement: openSUSE-SU-2019:2307 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
SuSE Security Announcement: openSUSE-SU-2019:2308 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
https://usn.ubuntu.com/4115-1/
https://usn.ubuntu.com/4118-1/
https://usn.ubuntu.com/4147-1/
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.