Description: | Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:0784-1 advisory.
Vulnerability Insight: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed: CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).
CVE-2019-9213: expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209).
CVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable (bnc#1123161).
CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907).
CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055).
CVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).
CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124732).
CVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).
CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728).
CVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks. (bnc#1122971).
The following non-security bugs were fixed: 6lowpan: iphc: reset mac_header after decompress to fix panic (bsc#1051510).
9p: clear dangling pointers in p9stat_free (bsc#1051510).
9p locks: fix glock.client_id leak in do_lock (bsc#1051510).
9p/net: fix memory leak in p9_client_create (bsc#1051510).
9p/net: put a lower bound on msize (bsc#1051510).
9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510).
ACPI/APEI: Clear GHES block_status before panic() (bsc#1051510).
acpi / ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS: 'Linux Kernel' package(s) on SUSE Linux Enterprise High Availability 15, SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Legacy Software 15, SUSE Linux Enterprise Module for Live Patching 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Workstation Extension 15.
Solution: Please install the updated package(s).
CVSS Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
|