5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
7.8 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.089 Low
EPSS
Percentile
94.5%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2019.14051.1");
script_cve_id("CVE-2012-3412", "CVE-2012-3430", "CVE-2013-0160", "CVE-2013-0216", "CVE-2013-0231", "CVE-2013-1979", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2019-11091", "CVE-2019-9213");
script_tag(name:"creation_date", value:"2021-06-09 14:57:24 +0000 (Wed, 09 Jun 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-05-31 16:11:41 +0000 (Fri, 31 May 2019)");
script_name("SUSE: Security Advisory (SUSE-SU-2019:14051-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES11\.0|SLES11\.0SP4)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2019:14051-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2019/suse-su-201914051-1/");
script_xref(name:"URL", value:"https://www.suse.com/support/kb/doc/?id=7023736");
script_tag(name:"summary", value:"The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:14051-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.
Four new speculative execution information leak issues have been identified in Intel CPUs. (bsc#1111331)
CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory
(MDSUM)
This kernel update contains software mitigations for these issues, which also utilize CPU microcode updates shipped in parallel.
For more information on this set of information leaks, check out [link moved to references]
The following security bugs were fixed:
CVE-2019-9213: The expand_downwards function in mm/mmap.c lacked a check
for the mmap minimum address, which made it easier for attackers to
exploit kernel NULL pointer dereferences on non-SMAP platforms. This is
related to a capability check for the wrong task (bnc#1128166).
CVE-2013-0216: The Xen netback functionality allowed guest OS users to
cause a denial of service (loop) by triggering ring pointer corruption
(bnc#800280).
CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen allowed guest
OS users with PCI device access to cause a denial of service via a large
number of kernel log messages. (bnc#801178).
CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c did not
initialize a certain structure member, which allowed local users to
obtain potentially sensitive information from kernel stack memory via a
recvfrom or recvmsg system call on an RDS socket (bnc#773383).
CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver allowed remote
attackers to cause a denial of service (DMA descriptor consumption and
network-controller outage) via crafted TCP packets that trigger a small
MSS value (bnc#774523).
CVE-2013-0160: The kernel allowed local users to obtain sensitive
information about keystroke timing by using the inotify API on the
/dev/ptmx device (bnc#797175).
CVE-2013-1979: The scm_set_cred function in include/net/scm.h uses
incorrect uid and gid values during credentials passing, which allowed
local users to gain privileges via a crafted application (bnc#816708).
The following non-security bugs were fixed:
Add opcodes from net: filter: BPF 'JIT' compiler for PPC64 (bsc#1131107).
EHCI: improved logic for isochronous scheduling (bsc#1117515).
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
(bsc#1129439).
USB: Add new USB LPM helpers (bsc#1129770).
USB: Consolidate LPM checks to avoid enabling LPM twice (bsc#1129770).
USB: EHCI: add new root-hub state: STOPPING (bsc#1117515).
USB: EHCI: add pointer to end of async-unlink list (bsc#1117515).
USB: EHCI: add symbolic constants for QHs ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"'Linux Kernel' package(s) on SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 11-SP4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES11.0") {
if(!isnull(res = isrpmvuln(pkg:"kernel-default-extra", rpm:"kernel-default-extra~3.0.101~108.90.1", rls:"SLES11.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-pae-extra", rpm:"kernel-pae-extra~3.0.101~108.90.1", rls:"SLES11.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-ppc64-extra", rpm:"kernel-ppc64-extra~3.0.101~108.90.1", rls:"SLES11.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-trace-extra", rpm:"kernel-trace-extra~3.0.101~108.90.1", rls:"SLES11.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-extra", rpm:"kernel-xen-extra~3.0.101~108.90.1", rls:"SLES11.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES11.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"kernel-bigmem", rpm:"kernel-bigmem~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-bigmem-base", rpm:"kernel-bigmem-base~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-bigmem-devel", rpm:"kernel-bigmem-devel~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel", rpm:"kernel-default-devel~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-man", rpm:"kernel-default-man~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-ec2", rpm:"kernel-ec2~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-ec2-base", rpm:"kernel-ec2-base~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-ec2-devel", rpm:"kernel-ec2-devel~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-pae", rpm:"kernel-pae~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-pae-base", rpm:"kernel-pae-base~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-pae-devel", rpm:"kernel-pae-devel~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-ppc64", rpm:"kernel-ppc64~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-ppc64-base", rpm:"kernel-ppc64-base~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-ppc64-devel", rpm:"kernel-ppc64-devel~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-trace", rpm:"kernel-trace~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-trace-base", rpm:"kernel-trace-base~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-trace-devel", rpm:"kernel-trace-devel~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-base", rpm:"kernel-xen-base~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~3.0.101~108.90.1", rls:"SLES11.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
7.8 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.089 Low
EPSS
Percentile
94.5%