Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2019.3381.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2019:3381-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:3381-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:3381-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
CVE-2019-19767: Fixed ext4_expand_extra_isize mishandles, as
demonstrated by use-after-free errors in __ext4_expand_extra_isize and
ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c
(bnc#1159297).

CVE-2019-18808: Fixed a memory leak in the ccp_run_sha_cmd() function in
drivers/crypto/ccp/ccp-ops.c allowed attackers to cause a denial of
service (memory consumption) (bnc#1156259).

CVE-2019-19066: Fixed memory leak in the bfad_im_get_stats() function in
drivers/scsi/bfa/bfad_attr.c that allowed attackers to cause a denial of
service (memory consumption) by triggering bfa_port_get_stats() failures
(bnc#1157303).

CVE-2019-19051: Fixed memory leak in the i2400m_op_rfkill_sw_toggle()
function in drivers/net/wimax/i2400m/op-rfkill.c that allowed attackers
to cause a denial of service (memory consumption) (bnc#1159024).

CVE-2019-19338: There was an incomplete fix for Transaction Asynchronous
Abort (TAA) (bsc#1158954).

CVE-2019-19332: There was an OOB memory write via
kvm_dev_ioctl_get_cpuid (bsc#1158827).

CVE-2019-19537: There was a race condition bug that could have been
caused by a malicious USB device in the USB character device driver
layer (bnc#1158904).

CVE-2019-19535: There was an info-leak bug that could have been caused
by a malicious USB device in the
drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver (bnc#1158903).

CVE-2019-19527: There was a use-after-free bug that could have been
caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c
driver (bnc#1158900).

CVE-2019-19526: There was a use-after-free bug that could have been
caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver
(bnc#1158893).

CVE-2019-19533: There was an info-leak bug that could have been caused
by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c
driver (bnc#1158834).

CVE-2019-19532: There were multiple out-of-bounds write bugs that could
have been caused by a malicious USB device in the Linux kernel HID
drivers (bnc#1158824).

CVE-2019-19523: There was a use-after-free bug that could have been
caused by a malicious USB device in the drivers/usb/misc/adutux.c driver
(bnc#1158823).

CVE-2019-15213: An issue was discovered in the Linux kernel, there was a
use-after-free caused by a malicious USB device in the
drivers/media/usb/dvb-usb/dvb-usb-init.c driver (bnc#1146544).

CVE-2019-19531: There was a use-after-free bug that can be caused by a
malicious USB device in the drivers/usb/misc/yurex.c driver
(bnc#1158445).

CVE-2019-19543: There was a use-after-free in serial_ir_init_module() in
drivers/media/rc/serial_ir.c (bnc#1158427).

CVE-2019-19525: There was a use-after-free bug that can be caused by a
malicious USB device in the drivers/net/ieee802154/atusb.c driver
(... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Workstation Extension 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Live Patching 15, SUSE Linux Enterprise Module for Legacy Software 15, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise High Availability 15

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-14895
Common Vulnerability Exposure (CVE) ID: CVE-2019-14901
Common Vulnerability Exposure (CVE) ID: CVE-2019-15213
Common Vulnerability Exposure (CVE) ID: CVE-2019-15916
Common Vulnerability Exposure (CVE) ID: CVE-2019-16231
Common Vulnerability Exposure (CVE) ID: CVE-2019-17055
Common Vulnerability Exposure (CVE) ID: CVE-2019-18660
Common Vulnerability Exposure (CVE) ID: CVE-2019-18683
Common Vulnerability Exposure (CVE) ID: CVE-2019-18805
Common Vulnerability Exposure (CVE) ID: CVE-2019-18808
Common Vulnerability Exposure (CVE) ID: CVE-2019-18809
Common Vulnerability Exposure (CVE) ID: CVE-2019-19049
Common Vulnerability Exposure (CVE) ID: CVE-2019-19051
Common Vulnerability Exposure (CVE) ID: CVE-2019-19052
Common Vulnerability Exposure (CVE) ID: CVE-2019-19056
Common Vulnerability Exposure (CVE) ID: CVE-2019-19057
Common Vulnerability Exposure (CVE) ID: CVE-2019-19058
Common Vulnerability Exposure (CVE) ID: CVE-2019-19060
Common Vulnerability Exposure (CVE) ID: CVE-2019-19062
Common Vulnerability Exposure (CVE) ID: CVE-2019-19063
Common Vulnerability Exposure (CVE) ID: CVE-2019-19065
Common Vulnerability Exposure (CVE) ID: CVE-2019-19066
Common Vulnerability Exposure (CVE) ID: CVE-2019-19067
Common Vulnerability Exposure (CVE) ID: CVE-2019-19068
Common Vulnerability Exposure (CVE) ID: CVE-2019-19073
Common Vulnerability Exposure (CVE) ID: CVE-2019-19074
Common Vulnerability Exposure (CVE) ID: CVE-2019-19075
Common Vulnerability Exposure (CVE) ID: CVE-2019-19077
Common Vulnerability Exposure (CVE) ID: CVE-2019-19227
Common Vulnerability Exposure (CVE) ID: CVE-2019-19332
Common Vulnerability Exposure (CVE) ID: CVE-2019-19338
Common Vulnerability Exposure (CVE) ID: CVE-2019-19523
Common Vulnerability Exposure (CVE) ID: CVE-2019-19524
Common Vulnerability Exposure (CVE) ID: CVE-2019-19525
Common Vulnerability Exposure (CVE) ID: CVE-2019-19526
Common Vulnerability Exposure (CVE) ID: CVE-2019-19527
Common Vulnerability Exposure (CVE) ID: CVE-2019-19528
Common Vulnerability Exposure (CVE) ID: CVE-2019-19529
Common Vulnerability Exposure (CVE) ID: CVE-2019-19530
Common Vulnerability Exposure (CVE) ID: CVE-2019-19531
Common Vulnerability Exposure (CVE) ID: CVE-2019-19532
Common Vulnerability Exposure (CVE) ID: CVE-2019-19533
Common Vulnerability Exposure (CVE) ID: CVE-2019-19534
Common Vulnerability Exposure (CVE) ID: CVE-2019-19535
Common Vulnerability Exposure (CVE) ID: CVE-2019-19536
Common Vulnerability Exposure (CVE) ID: CVE-2019-19537
Common Vulnerability Exposure (CVE) ID: CVE-2019-19543
Common Vulnerability Exposure (CVE) ID: CVE-2019-19767
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.