Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114201813761HistoryJun 09, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2018:1376-1)
2021-06-0900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.976 High
EPSS
Percentile
100.0%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2018.1376.1");
script_cve_id("CVE-2017-5715", "CVE-2017-5753", "CVE-2018-1000199", "CVE-2018-10675", "CVE-2018-3639");
script_tag(name:"creation_date", value:"2021-06-09 14:57:44 +0000 (Wed, 09 Jun 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-06-07 15:55:59 +0000 (Thu, 07 Jun 2018)");
script_name("SUSE: Security Advisory (SUSE-SU-2018:1376-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES11\.0|SLES11\.0SP3)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2018:1376-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2018/suse-su-20181376-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:1376-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature
in modern CPUs were mitigated, aka 'Spectre Variant 4' (bnc#1087082).
A new boot commandline option was introduced,
'spec_store_bypass_disable', which can have following values:
- auto: Kernel detects whether your CPU model contains an implementation
of Speculative Store Bypass and picks the most appropriate mitigation.
- on: disable Speculative Store Bypass
- off: enable Speculative Store Bypass
- prctl: Control Speculative Store Bypass per thread via prctl.
Speculative Store Bypass is enabled for a process by default. The
state of the control is inherited on fork.
- seccomp: Same as 'prctl' above, but all seccomp threads will disable
SSB unless they explicitly opt out.
The default is 'seccomp', meaning programs need explicit opt-in into the mitigation.
Status can be queried via the
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:
- 'Vulnerable'
- 'Mitigation: Speculative Store Bypass disabled'
- 'Mitigation: Speculative Store Bypass disabled via prctl'
- 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp'
- CVE-2018-1000199: An address corruption flaw was discovered while
modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an
unprivileged user/process could use this flaw to crash the system kernel
resulting in DoS OR to potentially escalate privileges on a the system.
(bsc#1089895)
- CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed
local users to cause a denial of service (use-after-free) or possibly
have unspecified other impact via crafted system calls (bnc#1091755).
- CVE-2017-5715: The retpoline mitigation for Spectre v2 has been enabled
also for 32bit x86.
- CVE-2017-5753: Spectre v1 mitigations have been improved by the versions
merged from the upstream kernel.
The following non-security bugs were fixed:
- Update config files. Set CONFIG_RETPOLINE=y for i386.
- x86/espfix: Fix return stack in do_double_fault() (bsc#1085279).
- xen-netfront: fix req_prod check to avoid RX hang when index wraps
(bsc#1046610).");
script_tag(name:"affected", value:"'Linux Kernel' package(s) on SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 11-SP3.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES11.0") {
if(!isnull(res = isrpmvuln(pkg:"kernel-bigsmp-extra", rpm:"kernel-bigsmp-extra~3.0.101~0.47.106.29.1", rls:"SLES11.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-extra", rpm:"kernel-default-extra~3.0.101~0.47.106.29.1", rls:"SLES11.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-pae-extra", rpm:"kernel-pae-extra~3.0.101~0.47.106.29.1", rls:"SLES11.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-ppc64-extra", rpm:"kernel-ppc64-extra~3.0.101~0.47.106.29.1", rls:"SLES11.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-trace-extra", rpm:"kernel-trace-extra~3.0.101~0.47.106.29.1", rls:"SLES11.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-extra", rpm:"kernel-xen-extra~3.0.101~0.47.106.29.1", rls:"SLES11.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES11.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"kernel-bigsmp", rpm:"kernel-bigsmp~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-bigsmp-base", rpm:"kernel-bigsmp-base~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-bigsmp-devel", rpm:"kernel-bigsmp-devel~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel", rpm:"kernel-default-devel~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-man", rpm:"kernel-default-man~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-ec2", rpm:"kernel-ec2~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-ec2-base", rpm:"kernel-ec2-base~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-ec2-devel", rpm:"kernel-ec2-devel~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-pae", rpm:"kernel-pae~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-pae-base", rpm:"kernel-pae-base~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-pae-devel", rpm:"kernel-pae-devel~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-trace", rpm:"kernel-trace~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-trace-base", rpm:"kernel-trace-base~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-trace-devel", rpm:"kernel-trace-devel~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-base", rpm:"kernel-xen-base~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~3.0.101~0.47.106.29.1", rls:"SLES11.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1368-1) (Spectre)
2018-05-23 00:00:00
SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1376-1) (Spectre)
2018-05-23 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1374-1) (Spectre)
2018-05-23 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:1368-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1374-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1375-1)
2021-04-19 00:00:00
suse
suse
Security update for xen (important)
2018-06-09 15:08:42
Security update for the Linux Kernel (important)
2018-01-16 21:08:19
Security update for the Linux Kernel (important)
2018-01-11 18:10:26
ibm
ibm
checkpoint_advisories
checkpoint_advisories
hp
hp
HPSBHF03573 rev. 15 - Side-Channel Analysis Method
2018-01-04 00:00:00
thn
thn
New Spectre (Variant 4) CPU Flaw Discovered—Intel, ARM, AMD Affected
2018-05-22 08:27:00
New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection
2021-09-13 07:54:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-06-07 00:00:00
Unbreakable Enterprise kernel security update
2018-01-05 00:00:00
apple
apple
About the security content of macOS High Sierra 10.13.2 Supplemental Update
2018-01-08 00:00:00
About the security content of Safari 11.0.2 - Apple Support
2018-01-08 10:29:34
About the security content of iOS 11.2.2
2018-01-08 00:00:00
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerabilities
2018-01-23 00:00:00
Linux kernel (KVM) vulnerabilities
2018-01-29 00:00:00
Linux kernel vulnerabilities
2018-02-22 00:00:00
threatpost
threatpost
Apple Releases Spectre Patches for Safari, macOS and iOS
2018-01-08 16:57:57
Experts Weigh In On Spectre Patch Challenges
2018-01-07 23:21:34
vmware
vmware
kaspersky
kaspersky
KLA11173 OSI vulnerability in VMware Products
2018-01-09 00:00:00
msrc
msrc
Speculative Execution Bounty Launch
2018-03-15 00:00:04
redhatcve
redhatcve
CVE-2018-3639
2021-07-25 10:27:21
CVE-2017-5715
2021-07-20 18:54:09
fedora
fedora
[SECURITY] Fedora 27 Update: webkitgtk4-2.18.5-1.fc27
2018-01-12 14:44:12
[SECURITY] Fedora 26 Update: webkitgtk4-2.18.5-1.fc26
2018-01-18 21:11:25
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-02-11 21:42:57
Updated webkit2 packages fix security vulnerabilities
2018-01-14 19:54:13
Updated nvidia-current packages mitigates security issues
2018-01-13 17:28:36
photon
photon
packetstorm
packetstorm
Spectre Information Disclosure Proof Of Concept
2018-01-04 00:00:00
zdt
zdt
Multiple CPUs - Spectre Information Disclosure (PoC) Exploit
2018-01-04 00:00:00
redhat
redhat
(RHSA-2018:1967) Important: kernel-alt security and bug fix update
2018-06-26 15:04:18
(RHSA-2018:0018) Important: kernel security update
2018-01-04 12:42:07
(RHSA-2018:0022) Important: kernel security update
2018-01-04 16:02:23
cert
cert
lenovo
lenovo
Speculative Execution Side Channel Variants 4 and 3a - US
2018-09-13 11:41:00
Reading Privileged Memory with a Side Channel - US
2018-10-24 12:22:52
Reading Privileged Memory with a Side Channel - Lenovo Support US
2018-10-24 12:22:52
qualysblog
qualysblog
Processor Vulnerabilities – Meltdown and Spectre
2018-01-04 02:17:43
Meltdown/Spectre and Qualys Cloud Platform
2018-01-09 02:36:19
symantec
symantec
Multiple CPU Hardware CVE-2017-5753 Information Disclosure Vulnerability
2018-01-03 00:00:00
f5
f5
huawei
huawei
Security Advisory - CPU Vulnerabilities 'Meltdown' and 'Spectre'
2018-01-06 00:00:00
Security Advisory - CPU Vulnerabilities Meltdown and Spectre
2018-06-06 00:00:00
arista
arista
Security Advisory 0031
2018-01-03 00:00:00
virtuozzo
virtuozzo
malwarebytes
malwarebytes
Meltdown and Spectre fallout: patching problems persist
2018-01-11 14:00:00
paloalto
paloalto
Information about Meltdown and Spectre findings
2018-01-04 00:00:00
centos
centos
kernel, perf, python security update
2018-01-04 11:36:27
kernel, perf, python security update
2018-01-04 19:46:26
cloudfoundry
cloudfoundry
USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-01-23 00:00:00
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities
2018-01-04 22:20:00
nvidia
nvidia
kitploit
kitploit
seebug
seebug
Reading privileged memory with a side-channel
(Meltdown & Spectre)
2018-01-04 00:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.976 High
EPSS
Percentile
100.0%
Related for OPENVAS:13614125623114201813761