openSUSE Update for the openSUSE-SU-2019:2173-1 (the)

Published: 2019-09-25 02:00:54
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
The remote host is missing an update for the 'the' Linux Distribution Package(s) announced via the openSUSE-SU-2019:2173_1 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed:

- CVE-2017-18551: There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163).
- CVE-2018-20976: A use after free exists, related to xfs_fs_fill_super failure (bnc#1146285).
- CVE-2018-21008: A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c (bnc#1149591).
- CVE-2019-14814: A heap overflow in mwifiex_set_uap_rates() function of Marvell was fixed (bnc#1146512).
- CVE-2019-14815: A heap overflow in mwifiex_set_wmm_params() function of Marvell Wifi Driver was fixed (bnc#1146514).
- CVE-2019-14816: A heap overflow in mwifiex_update_vs_ie() function of Marvell Wifi Driver was fixed (bnc#1146516).
- CVE-2019-14835: A vhost/vhost_net kernel buffer overflow could lead to guest to host kernel escape during live migration (bnc#1150112).
- CVE-2019-15030: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check (bnc#1149713).
- CVE-2019-15031: In the Linux kernel on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c (bnc#1149713).
- CVE-2019-15090: In the qedi_dbg_* family of functions, there was an out-of-bounds read (bnc#1146399).
- CVE-2019-15098: drivers/net/wireless/ath/ath6kl/usb.c had a NULL pointer dereference via an incomplete address in an endpoint descriptor (bnc#1146378).
- CVE-2019-15117: parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel mishandled a short descriptor, leading to out-of-bounds memory access (bnc#1145920).
- CVE-2019-15118: check_input_term in sound/usb/mixer.c in the Linux kernel mishandled recursion, leading to kernel stack exhaustion (bnc#1145922).
- CVE-2019-1 ... Description truncated. Please see the references for more information.

Affected Versions:
'the' Linux Distribution Package(s) on openSUSE Leap 15.0.

Recommendations:
Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2017-18551
https://nvd.nist.gov/vuln/detail/CVE-2018-20976
https://nvd.nist.gov/vuln/detail/CVE-2018-21008
https://nvd.nist.gov/vuln/detail/CVE-2019-14814
https://nvd.nist.gov/vuln/detail/CVE-2019-14815
https://nvd.nist.gov/vuln/detail/CVE-2019-14816
https://nvd.nist.gov/vuln/detail/CVE-2019-14835
https://nvd.nist.gov/vuln/detail/CVE-2019-15030
https://nvd.nist.gov/vuln/detail/CVE-2019-15031
https://nvd.nist.gov/vuln/detail/CVE-2019-15090
https://nvd.nist.gov/vuln/detail/CVE-2019-15098
https://nvd.nist.gov/vuln/detail/CVE-2019-15117
https://nvd.nist.gov/vuln/detail/CVE-2019-15118
https://nvd.nist.gov/vuln/detail/CVE-2019-15211
https://nvd.nist.gov/vuln/detail/CVE-2019-15212
https://nvd.nist.gov/vuln/detail/CVE-2019-15214
https://nvd.nist.gov/vuln/detail/CVE-2019-15215
https://nvd.nist.gov/vuln/detail/CVE-2019-15216
https://nvd.nist.gov/vuln/detail/CVE-2019-15217
https://nvd.nist.gov/vuln/detail/CVE-2019-15218
https://nvd.nist.gov/vuln/detail/CVE-2019-15219
https://nvd.nist.gov/vuln/detail/CVE-2019-15220
https://nvd.nist.gov/vuln/detail/CVE-2019-15221
https://nvd.nist.gov/vuln/detail/CVE-2019-15222
https://nvd.nist.gov/vuln/detail/CVE-2019-15239
https://nvd.nist.gov/vuln/detail/CVE-2019-15290
https://nvd.nist.gov/vuln/detail/CVE-2019-15292
https://nvd.nist.gov/vuln/detail/CVE-2019-15538
https://nvd.nist.gov/vuln/detail/CVE-2019-15666
https://nvd.nist.gov/vuln/detail/CVE-2019-15902
https://nvd.nist.gov/vuln/detail/CVE-2019-15917
https://nvd.nist.gov/vuln/detail/CVE-2019-15919
https://nvd.nist.gov/vuln/detail/CVE-2019-15920
https://nvd.nist.gov/vuln/detail/CVE-2019-15921
https://nvd.nist.gov/vuln/detail/CVE-2019-15924
https://nvd.nist.gov/vuln/detail/CVE-2019-15926
https://nvd.nist.gov/vuln/detail/CVE-2019-15927
https://nvd.nist.gov/vuln/detail/CVE-2019-9456

CVE Analysis

https://www.mageni.net/cve/CVE-2017-18551
https://www.mageni.net/cve/CVE-2018-20976
https://www.mageni.net/cve/CVE-2018-21008
https://www.mageni.net/cve/CVE-2019-14814
https://www.mageni.net/cve/CVE-2019-14815
https://www.mageni.net/cve/CVE-2019-14816
https://www.mageni.net/cve/CVE-2019-14835
https://www.mageni.net/cve/CVE-2019-15030
https://www.mageni.net/cve/CVE-2019-15031
https://www.mageni.net/cve/CVE-2019-15090
https://www.mageni.net/cve/CVE-2019-15098
https://www.mageni.net/cve/CVE-2019-15117
https://www.mageni.net/cve/CVE-2019-15118
https://www.mageni.net/cve/CVE-2019-15211
https://www.mageni.net/cve/CVE-2019-15212
https://www.mageni.net/cve/CVE-2019-15214
https://www.mageni.net/cve/CVE-2019-15215
https://www.mageni.net/cve/CVE-2019-15216
https://www.mageni.net/cve/CVE-2019-15217
https://www.mageni.net/cve/CVE-2019-15218
https://www.mageni.net/cve/CVE-2019-15219
https://www.mageni.net/cve/CVE-2019-15220
https://www.mageni.net/cve/CVE-2019-15221
https://www.mageni.net/cve/CVE-2019-15222
https://www.mageni.net/cve/CVE-2019-15239
https://www.mageni.net/cve/CVE-2019-15290
https://www.mageni.net/cve/CVE-2019-15292
https://www.mageni.net/cve/CVE-2019-15538
https://www.mageni.net/cve/CVE-2019-15666
https://www.mageni.net/cve/CVE-2019-15902
https://www.mageni.net/cve/CVE-2019-15917
https://www.mageni.net/cve/CVE-2019-15919
https://www.mageni.net/cve/CVE-2019-15920
https://www.mageni.net/cve/CVE-2019-15921
https://www.mageni.net/cve/CVE-2019-15924
https://www.mageni.net/cve/CVE-2019-15926
https://www.mageni.net/cve/CVE-2019-15927
https://www.mageni.net/cve/CVE-2019-9456

References:

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html

Severity: High
CVSS Score: 10.0
Published: 2019-09-25
Modified: 2019-09-27
Category: SuSE Local Security Checks
