7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.016 Low
EPSS
Percentile
87.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2018.2450.1");
script_cve_id("CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-3620", "CVE-2018-3646", "CVE-2018-5391");
script_tag(name:"creation_date", value:"2021-06-09 14:57:38 +0000 (Wed, 09 Jun 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-11-16 18:47:23 +0000 (Fri, 16 Nov 2018)");
script_name("SUSE: Security Advisory (SUSE-SU-2018:2450-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2018:2450-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2018/suse-su-20182450-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:2450-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The SUSE Linux Enterprise 15 azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-5391: A remote attacker even with relatively low bandwidth
could have caused lots of CPU usage by triggering the worst case
scenario during fragment reassembly (bsc#1103097)
- CVE-2018-3620, CVE-2018-3646: Local attackers in virtualized guest
systems could use speculative code patterns on hyperthreaded processors
to read data present in the L1 Datacache used by other hyperthreads on
the same CPU core, potentially leaking sensitive data, even from other
virtual machines or the host system. (bnc#1089343, bsc#1087081).
- CVE-2018-10882: A local user could have caused an out-of-bound write,
leading to denial of service and a system crash by unmounting a crafted
ext4 filesystem image (bsc#1099849).
- CVE-2018-10880: Prevent a stack-out-of-bounds write in the ext4
filesystem code when mounting and writing crafted ext4 images. An
attacker could have used this to cause a system crash and a denial of
service (bsc#1099845).
- CVE-2018-10881: A local user could have caused an out-of-bound access
and a system crash by mounting and operating on a crafted ext4
filesystem image (bsc#1099864).
- CVE-2018-10877: Prevent an out-of-bound access in the
ext4_ext_drop_refs() function when operating on a crafted ext4
filesystem image (bsc#1099846).
- CVE-2018-10876: Prevent use-after-free in ext4_ext_remove_space()
function when mounting and operating a crafted ext4 image (bsc#1099811).
- CVE-2018-10878: A local user could have caused an out-of-bounds write
and a denial of service by mounting and operating a crafted ext4
filesystem image (bsc#1099813).
- CVE-2018-10883: A local user could have caused an out-of-bounds write in
jbd2_journal_dirty_metadata(), a denial of service, and a system crash
by mounting and operating on a crafted ext4 filesystem image
(bsc#1099863).
- CVE-2018-10879: A local user could have caused a use-after-free in
ext4_xattr_set_entry function and a denial of service or unspecified
other impact may occur by renaming a file in a crafted ext4 filesystem
image (bsc#1099844).
- CVE-2018-10853: A flaw was found in Linux Kernel KVM. In which certain
instructions such as sgdt/sidt call segmented_write_std doesn't
propagate access correctly. As such, during userspace induced exception,
the guest can incorrectly assume that the exception happened in the
kernel and panic. (bnc#1097104).
The following non-security bugs were fixed:
- apci / lpss: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is
2 (bsc#1051510).
- acpi / pci: Bail early in acpi_pci_add_bus() if there is no ACPI handle
(bsc#1051510).
- af_key: Always verify length of provided sadb_key (bsc#1051510).
- af_key: fix buffer overread in parse_exthdrs() (bsc#1051510).
- af_key: fix buffer overread in verify_address_len() (bsc#1051510).
- ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"'Linux Kernel' package(s) on SUSE Linux Enterprise Module for Public Cloud 15.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0") {
if(!isnull(res = isrpmvuln(pkg:"kernel-azure", rpm:"kernel-azure~4.12.14~5.13.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-azure-base", rpm:"kernel-azure-base~4.12.14~5.13.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-azure-base-debuginfo", rpm:"kernel-azure-base-debuginfo~4.12.14~5.13.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-azure-debuginfo", rpm:"kernel-azure-debuginfo~4.12.14~5.13.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-azure-devel", rpm:"kernel-azure-devel~4.12.14~5.13.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-devel-azure", rpm:"kernel-devel-azure~4.12.14~5.13.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source-azure", rpm:"kernel-source-azure~4.12.14~5.13.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-syms-azure", rpm:"kernel-syms-azure~4.12.14~5.13.1", rls:"SLES15.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.016 Low
EPSS
Percentile
87.1%