Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2019.3289.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2019:3289-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:3289-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:3289-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 kernel-azure was updated to receive various security and bugfixes.

The following security bugs were fixed:
CVE-2019-19531: Fixed a use-after-free due to a malicious USB device in
the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca (bsc#1158445).

CVE-2019-19543: Fixed a use-after-free in serial_ir_init_module() in
drivers/media/rc/serial_ir.c (bsc#1158427).

CVE-2019-19525: Fixed a use-after-free due to a malicious USB device in
the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035
(bsc#1158417).

CVE-2019-19530: Fixed a use-after-free due to a malicious USB device in
the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef
(bsc#1158410).

CVE-2019-19536: Fixed a potential information leak due to a malicious
USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver,
aka CID-ead16e53c2f0 (bsc#1158394).

CVE-2019-19524: Fixed a use-after-free due to a malicious USB device in
the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9
(bsc#1158413).

CVE-2019-19528: Fixed a use-after-free due to a malicious USB device in
the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d
(bsc#1158407).

CVE-2019-19534: Fixed a potential information leak due to a malicious
USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver,
aka CID-f7a1337f0d29 (bsc#1158398).

CVE-2019-19529: Fixed a use-after-free due to a malicious USB device in
the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41
(bsc#1158381).

CVE-2019-14901: Fixed a heap overflow in Marvell WiFi chip driver which
could have allowed a remote attacker to cause denial of service or
execute arbitrary code (bsc#1157042).

CVE-2019-14895: Fixed a heap-based buffer overflow in Marvell WiFi chip
driver which may occur when the station attempts a connection
negotiation during the handling of the remote devices country settings
leading to denial of service (bsc#1157158).

CVE-2019-18660: Fixed a potential information leak on powerpc because
the Spectre-RSB mitigation was not in place for all applicable CPUs, aka
CID-39e72bf96f58 (bsc#1157038).

CVE-2019-18683: Fixed a privilege escalation due to multiple race
conditions (bsc#1155897).

CVE-2019-18809: Fixed a memory leak in the af9005_identify_state()
function in drivers/media/usb/dvb-usb/af9005.c aka CID-2289adbfa559
(bsc#1156258).

CVE-2019-19062: Fixed a memory leak in the crypto_report() function in
crypto/crypto_user_base.c aka CID-ffdde5932042 (bsc#1157333).

CVE-2019-19057: Fixed two memory leaks in the
mwifiex_pcie_init_evt_ring() function in
drivers/net/wireless/marvell/mwifiex/pcie.c aka CID-d10dcb615c8e
(bsc#1157193).

CVE-2019-19056: Fixed a memory leak in the
mwifiex_pcie_alloc_cmdrsp_buf() function in
drivers/net/wireless/marvell/mwifiex/pcie.c aka CID-db8fd2cde932
(bsc#1157197).

CVE-2019-19068: Fixed a memory leak in the rtl8xxxu_submit_int_urb()
f... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Public Cloud 15

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-0154
Bugtraq: 20191118 [slackware-security] Slackware 14.2 kernel (SSA:2019-320-01) (Google Search)
https://seclists.org/bugtraq/2019/Nov/26
http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html
RedHat Security Advisories: RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0204
https://usn.ubuntu.com/4186-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-0155
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html
RedHat Security Advisories: RHSA-2019:3841
https://access.redhat.com/errata/RHSA-2019:3841
RedHat Security Advisories: RHSA-2019:3887
https://access.redhat.com/errata/RHSA-2019:3887
RedHat Security Advisories: RHSA-2019:3889
https://access.redhat.com/errata/RHSA-2019:3889
RedHat Security Advisories: RHSA-2019:3908
https://access.redhat.com/errata/RHSA-2019:3908
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.