8.3 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
7.9 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
0.013 Low
EPSS
Percentile
85.7%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2019.1241.1");
script_cve_id("CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-16880", "CVE-2019-11091", "CVE-2019-3882", "CVE-2019-9003", "CVE-2019-9500", "CVE-2019-9503");
script_tag(name:"creation_date", value:"2021-04-19 00:00:00 +0000 (Mon, 19 Apr 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.9");
script_tag(name:"cvss_base_vector", value:"AV:A/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-01-29 15:17:12 +0000 (Wed, 29 Jan 2020)");
script_name("SUSE: Security Advisory (SUSE-SU-2019:1241-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP4)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2019:1241-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2019/suse-su-20191241-1/");
script_xref(name:"URL", value:"https://www.suse.com/support/kb/doc/?id=7023736");
script_tag(name:"summary", value:"The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:1241-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)
CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory
(MDSUM)
This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel.
For more information on this set of vulnerabilities, check out [link moved to references]
The following security bugs were fixed:
CVE-2018-16880: A flaw was found in the handle_rx() function in the
vhost_net driver. A malicious virtual guest, under specific conditions,
could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual
host which may lead to a kernel memory corruption and a system panic.
Due to the nature of the flaw, privilege escalation cannot be fully
ruled out. (bnc#1122767).
CVE-2019-3882: A flaw was found in the vfio interface implementation
that permitted violation of the user's locked memory limit. If a device
is bound to a vfio driver, such as vfio-pci, and the local attacker is
administratively granted ownership of the device, it may cause a system
memory exhaustion and thus a denial of service (DoS). (bnc#1131416
bnc#1131427).
CVE-2019-9003: Attackers could trigger a
drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging
for certain simultaneous execution of the code, as demonstrated by a
'service ipmievd restart' loop (bnc#1126704).
CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results
was fixed. (bnc#1132681).
CVE-2019-9503: A brcmfmac frame validation bypass was fixed.
(bnc#1132828).
The following non-security bugs were fixed:
9p: do not trust pdu content for stat item size (bsc#1051510).
ACPI: acpi_pad: Do not launch acpi_pad threads on idle cpus
(bsc#1113399).
acpi, nfit: Prefer _DSM over _LSR for namespace label reads
(bsc#1112128) (bsc#1132426).
ACPI / SBS: Fix GPE storm on recent MacBookPro's (bsc#1051510).
alsa: core: Fix card races between register and disconnect (bsc#1051510).
alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510).
alsa: firewire: add const qualifier to identifiers for read-only symbols
(bsc#1051510).
alsa: firewire-motu: add a flag for AES/EBU on XLR interface
(bsc#1051510).
alsa: firewire-motu: add specification flag for position of flag for
MIDI messages (bsc#1051510).
alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510).
alsa: firewire-motu: add support for Motu Traveler (bsc#1051510).
alsa: firewire-motu: use 'version' field of unit directory to identify
model (bsc#1051510).
alsa: ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"'Linux Kernel' package(s) on SUSE Linux Enterprise Desktop 12-SP4, SUSE Linux Enterprise High Availability 12-SP4, SUSE Linux Enterprise Live Patching 12-SP4, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Workstation Extension 12-SP4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base-debuginfo", rpm:"kernel-default-base-debuginfo~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debuginfo", rpm:"kernel-default-debuginfo~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debugsource", rpm:"kernel-default-debugsource~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel", rpm:"kernel-default-devel~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel-debuginfo", rpm:"kernel-default-devel-debuginfo~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-man", rpm:"kernel-default-man~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-macros", rpm:"kernel-macros~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~4.12.14~95.16.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
8.3 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
7.9 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
0.013 Low
EPSS
Percentile
85.7%