8.3 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.974 High
EPSS
Percentile
99.9%
The openSUSE Leap 15.1 was updated to receive various security and bugfixes.
The following security bugs were fixed :
CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic.
(bsc#1137586).
CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586)
CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values.
(bsc#1137586)
CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291).
CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293).
CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a ‘double fetch’ vulnerability. (bnc#1136922)
CVE-2019-12380: An issue was discovered in the efi subsystem in the Linux kernel phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures (bnc#1136598).
CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bnc#1136424).
CVE-2019-10124: An attacker could exploit an issue in the hwpoison implementation to cause a denial of service (BUG). (bsc#1130699)
CVE-2019-12382: In the drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) (bnc#1136586).
CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bnc#1133190).
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1571.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('compat.inc');
if (description)
{
script_id(126059);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/15");
script_cve_id(
"CVE-2019-10124",
"CVE-2019-11477",
"CVE-2019-11478",
"CVE-2019-11479",
"CVE-2019-11487",
"CVE-2019-12380",
"CVE-2019-12382",
"CVE-2019-12456",
"CVE-2019-12818",
"CVE-2019-12819",
"CVE-2019-3846"
);
script_xref(name:"CEA-ID", value:"CEA-2019-0456");
script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1571) (SACK Panic) (SACK Slowness)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The openSUSE Leap 15.1 was updated to receive various security and
bugfixes.
The following security bugs were fixed :
- CVE-2019-11477: A sequence of SACKs may have been
crafted by a remote attacker such that one can trigger
an integer overflow, leading to a kernel panic.
(bsc#1137586).
- CVE-2019-11478: It was possible to send a crafted
sequence of SACKs which would fragment the TCP
retransmission queue. A remote attacker may have been
able to further exploit the fragmented queue to cause an
expensive linked-list walk for subsequent SACKs received
for that same TCP connection. (bsc#1137586)
- CVE-2019-11479: It was possible to send a crafted
sequence of SACKs which would fragment the RACK send
map. A remote attacker may be able to further exploit
the fragmented send map to cause an expensive
linked-list walk for subsequent SACKs received for that
same TCP connection. This would have resulted in excess
resource consumption due to low mss values.
(bsc#1137586)
- CVE-2019-12819: The function __mdiobus_register() in
drivers/net/phy/mdio_bus.c calls put_device(), which
will trigger a fixed_mdio_bus_init use-after-free. This
will cause a denial of service (bnc#1138291).
- CVE-2019-12818: The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may return NULL. If the caller
did not check for this, it will trigger a NULL pointer
dereference. This will cause denial of service. This
affects nfc_llcp_build_gb in net/nfc/llcp_core.c
(bnc#1138293).
- CVE-2019-12456: An issue was discovered in the
MPT3COMMAND case in _ctl_ioctl_main in
drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local
users to cause a denial of service or possibly have
unspecified other impact by changing the value of
ioc_number between two kernel reads of that value, aka a
'double fetch' vulnerability. (bnc#1136922)
- CVE-2019-12380: An issue was discovered in the efi
subsystem in the Linux kernel
phys_efi_set_virtual_address_map in
arch/x86/platform/efi/efi.c and efi_call_phys_prolog in
arch/x86/platform/efi/efi_64.c mishandle memory
allocation failures (bnc#1136598).
- CVE-2019-3846: A flaw that allowed an attacker to
corrupt memory and possibly escalate privileges was
found in the mwifiex kernel module while connecting to a
malicious wireless network (bnc#1136424).
- CVE-2019-10124: An attacker could exploit an issue in
the hwpoison implementation to cause a denial of service
(BUG). (bsc#1130699)
- CVE-2019-12382: In the drm_load_edid_firmware in
drivers/gpu/drm/drm_edid_load.c was an unchecked kstrdup
of fwstr, which might allow an attacker to cause a
denial of service (NULL pointer dereference and system
crash) (bnc#1136586).
- CVE-2019-11487: The Linux kernel allowed page->_refcount
reference count overflow, with resultant use-after-free
issues, if about 140 GiB of RAM exists. This is related
to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
include/linux/mm.h, include/linux/pipe_fs_i.h,
kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can
occur with FUSE requests (bnc#1133190).");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050242");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056787");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058115");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064802");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1066129");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068546");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071995");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1075020");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082387");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085535");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1093389");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099658");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103992");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104427");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1111696");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1115688");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117114");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117158");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1117561");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118139");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120091");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120423");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120566");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124503");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126206");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1126356");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1127616");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128432");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130699");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1131673");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133190");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133612");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133616");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134090");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134671");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134730");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134738");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134743");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134806");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134936");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134945");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134946");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134947");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134948");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134949");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134950");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134951");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134952");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134953");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134972");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134974");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134975");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134980");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134981");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134983");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134987");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134989");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134990");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134994");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134995");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134998");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134999");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135018");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135021");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135024");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135026");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135027");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135028");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135029");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135031");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135033");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135034");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135035");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135036");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135037");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135038");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135039");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135041");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135042");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135044");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135045");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135046");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135047");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135049");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135051");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135052");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135053");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135055");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135056");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135058");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135153");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135542");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135556");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135642");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1135661");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136188");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136206");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136215");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136345");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136347");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136348");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136424");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136428");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136430");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136432");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136434");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136435");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136438");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136439");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136456");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136460");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136461");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136469");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136477");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136478");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136498");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136573");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136586");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136598");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136881");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136922");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136935");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136978");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136990");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137151");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137152");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137153");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137162");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137201");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137224");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137232");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137233");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137236");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137372");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137429");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137444");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137586");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137739");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137752");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137995");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137996");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137998");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137999");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138000");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138002");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138003");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138005");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138006");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138007");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138008");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138009");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138010");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138011");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138012");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138013");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138014");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138015");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138016");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138017");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138018");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138019");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138291");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138293");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138336");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138374");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138375");
script_set_attribute(attribute:"solution", value:
"Update the affected the Linux Kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3846");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/27");
script_set_attribute(attribute:"patch_publication_date", value:"2019/06/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-base-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-base-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-debugsource-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-devel-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-debug-devel-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-base-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-base-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-debugsource-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-devel-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-default-devel-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-devel-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-docs-html-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-base-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-debugsource-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-devel-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-macros-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-build-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-build-debugsource-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-obs-qa-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-source-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-source-vanilla-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-syms-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-base-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-debugsource-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-devel-4.12.14-lp151.28.7.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.7.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | kernel-debug-debuginfo | p-cpe:/a:novell:opensuse:kernel-debug-debuginfo |
novell | opensuse | 15.1 | cpe:/o:novell:opensuse:15.1 |
novell | opensuse | kernel-default-base | p-cpe:/a:novell:opensuse:kernel-default-base |
novell | opensuse | kernel-vanilla-debugsource | p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource |
novell | opensuse | kernel-default | p-cpe:/a:novell:opensuse:kernel-default |
novell | opensuse | kernel-macros | p-cpe:/a:novell:opensuse:kernel-macros |
novell | opensuse | kernel-default-debugsource | p-cpe:/a:novell:opensuse:kernel-default-debugsource |
novell | opensuse | kernel-vanilla-base | p-cpe:/a:novell:opensuse:kernel-vanilla-base |
novell | opensuse | kernel-vanilla-devel | p-cpe:/a:novell:opensuse:kernel-vanilla-devel |
novell | opensuse | kernel-kvmsmall | p-cpe:/a:novell:opensuse:kernel-kvmsmall |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12380
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12818
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846
bugzilla.opensuse.org/show_bug.cgi?id=1012382
bugzilla.opensuse.org/show_bug.cgi?id=1050242
bugzilla.opensuse.org/show_bug.cgi?id=1051510
bugzilla.opensuse.org/show_bug.cgi?id=1053043
bugzilla.opensuse.org/show_bug.cgi?id=1056787
bugzilla.opensuse.org/show_bug.cgi?id=1058115
bugzilla.opensuse.org/show_bug.cgi?id=1061840
bugzilla.opensuse.org/show_bug.cgi?id=1064802
bugzilla.opensuse.org/show_bug.cgi?id=1065600
bugzilla.opensuse.org/show_bug.cgi?id=1065729
bugzilla.opensuse.org/show_bug.cgi?id=1066129
bugzilla.opensuse.org/show_bug.cgi?id=1068546
bugzilla.opensuse.org/show_bug.cgi?id=1071995
bugzilla.opensuse.org/show_bug.cgi?id=1075020
bugzilla.opensuse.org/show_bug.cgi?id=1082387
bugzilla.opensuse.org/show_bug.cgi?id=1083647
bugzilla.opensuse.org/show_bug.cgi?id=1085535
bugzilla.opensuse.org/show_bug.cgi?id=1093389
bugzilla.opensuse.org/show_bug.cgi?id=1099658
bugzilla.opensuse.org/show_bug.cgi?id=1103992
bugzilla.opensuse.org/show_bug.cgi?id=1104353
bugzilla.opensuse.org/show_bug.cgi?id=1104427
bugzilla.opensuse.org/show_bug.cgi?id=1111666
bugzilla.opensuse.org/show_bug.cgi?id=1111696
bugzilla.opensuse.org/show_bug.cgi?id=1113722
bugzilla.opensuse.org/show_bug.cgi?id=1115688
bugzilla.opensuse.org/show_bug.cgi?id=1117114
bugzilla.opensuse.org/show_bug.cgi?id=1117158
bugzilla.opensuse.org/show_bug.cgi?id=1117561
bugzilla.opensuse.org/show_bug.cgi?id=1118139
bugzilla.opensuse.org/show_bug.cgi?id=1120091
bugzilla.opensuse.org/show_bug.cgi?id=1120423
bugzilla.opensuse.org/show_bug.cgi?id=1120566
bugzilla.opensuse.org/show_bug.cgi?id=1120902
bugzilla.opensuse.org/show_bug.cgi?id=1124503
bugzilla.opensuse.org/show_bug.cgi?id=1126206
bugzilla.opensuse.org/show_bug.cgi?id=1126356
bugzilla.opensuse.org/show_bug.cgi?id=1127616
bugzilla.opensuse.org/show_bug.cgi?id=1128432
bugzilla.opensuse.org/show_bug.cgi?id=1130699
bugzilla.opensuse.org/show_bug.cgi?id=1131673
bugzilla.opensuse.org/show_bug.cgi?id=1133190
bugzilla.opensuse.org/show_bug.cgi?id=1133612
bugzilla.opensuse.org/show_bug.cgi?id=1133616
bugzilla.opensuse.org/show_bug.cgi?id=1134090
bugzilla.opensuse.org/show_bug.cgi?id=1134671
bugzilla.opensuse.org/show_bug.cgi?id=1134730
bugzilla.opensuse.org/show_bug.cgi?id=1134738
bugzilla.opensuse.org/show_bug.cgi?id=1134743
bugzilla.opensuse.org/show_bug.cgi?id=1134806
bugzilla.opensuse.org/show_bug.cgi?id=1134936
bugzilla.opensuse.org/show_bug.cgi?id=1134945
bugzilla.opensuse.org/show_bug.cgi?id=1134946
bugzilla.opensuse.org/show_bug.cgi?id=1134947
bugzilla.opensuse.org/show_bug.cgi?id=1134948
bugzilla.opensuse.org/show_bug.cgi?id=1134949
bugzilla.opensuse.org/show_bug.cgi?id=1134950
bugzilla.opensuse.org/show_bug.cgi?id=1134951
bugzilla.opensuse.org/show_bug.cgi?id=1134952
bugzilla.opensuse.org/show_bug.cgi?id=1134953
bugzilla.opensuse.org/show_bug.cgi?id=1134972
bugzilla.opensuse.org/show_bug.cgi?id=1134974
bugzilla.opensuse.org/show_bug.cgi?id=1134975
bugzilla.opensuse.org/show_bug.cgi?id=1134980
bugzilla.opensuse.org/show_bug.cgi?id=1134981
bugzilla.opensuse.org/show_bug.cgi?id=1134983
bugzilla.opensuse.org/show_bug.cgi?id=1134987
bugzilla.opensuse.org/show_bug.cgi?id=1134989
bugzilla.opensuse.org/show_bug.cgi?id=1134990
bugzilla.opensuse.org/show_bug.cgi?id=1134994
bugzilla.opensuse.org/show_bug.cgi?id=1134995
bugzilla.opensuse.org/show_bug.cgi?id=1134998
bugzilla.opensuse.org/show_bug.cgi?id=1134999
bugzilla.opensuse.org/show_bug.cgi?id=1135018
bugzilla.opensuse.org/show_bug.cgi?id=1135021
bugzilla.opensuse.org/show_bug.cgi?id=1135024
bugzilla.opensuse.org/show_bug.cgi?id=1135026
bugzilla.opensuse.org/show_bug.cgi?id=1135027
bugzilla.opensuse.org/show_bug.cgi?id=1135028
bugzilla.opensuse.org/show_bug.cgi?id=1135029
bugzilla.opensuse.org/show_bug.cgi?id=1135031
bugzilla.opensuse.org/show_bug.cgi?id=1135033
bugzilla.opensuse.org/show_bug.cgi?id=1135034
bugzilla.opensuse.org/show_bug.cgi?id=1135035
bugzilla.opensuse.org/show_bug.cgi?id=1135036
bugzilla.opensuse.org/show_bug.cgi?id=1135037
bugzilla.opensuse.org/show_bug.cgi?id=1135038
bugzilla.opensuse.org/show_bug.cgi?id=1135039
bugzilla.opensuse.org/show_bug.cgi?id=1135041
bugzilla.opensuse.org/show_bug.cgi?id=1135042
bugzilla.opensuse.org/show_bug.cgi?id=1135044
bugzilla.opensuse.org/show_bug.cgi?id=1135045
bugzilla.opensuse.org/show_bug.cgi?id=1135046
bugzilla.opensuse.org/show_bug.cgi?id=1135047
bugzilla.opensuse.org/show_bug.cgi?id=1135049
bugzilla.opensuse.org/show_bug.cgi?id=1135051
bugzilla.opensuse.org/show_bug.cgi?id=1135052
bugzilla.opensuse.org/show_bug.cgi?id=1135053
bugzilla.opensuse.org/show_bug.cgi?id=1135055
bugzilla.opensuse.org/show_bug.cgi?id=1135056
bugzilla.opensuse.org/show_bug.cgi?id=1135058
bugzilla.opensuse.org/show_bug.cgi?id=1135153
bugzilla.opensuse.org/show_bug.cgi?id=1135542
bugzilla.opensuse.org/show_bug.cgi?id=1135556
bugzilla.opensuse.org/show_bug.cgi?id=1135642
bugzilla.opensuse.org/show_bug.cgi?id=1135661
bugzilla.opensuse.org/show_bug.cgi?id=1136188
bugzilla.opensuse.org/show_bug.cgi?id=1136206
bugzilla.opensuse.org/show_bug.cgi?id=1136215
bugzilla.opensuse.org/show_bug.cgi?id=1136345
bugzilla.opensuse.org/show_bug.cgi?id=1136347
bugzilla.opensuse.org/show_bug.cgi?id=1136348
bugzilla.opensuse.org/show_bug.cgi?id=1136353
bugzilla.opensuse.org/show_bug.cgi?id=1136424
bugzilla.opensuse.org/show_bug.cgi?id=1136428
bugzilla.opensuse.org/show_bug.cgi?id=1136430
bugzilla.opensuse.org/show_bug.cgi?id=1136432
bugzilla.opensuse.org/show_bug.cgi?id=1136434
bugzilla.opensuse.org/show_bug.cgi?id=1136435
bugzilla.opensuse.org/show_bug.cgi?id=1136438
bugzilla.opensuse.org/show_bug.cgi?id=1136439
bugzilla.opensuse.org/show_bug.cgi?id=1136456
bugzilla.opensuse.org/show_bug.cgi?id=1136460
bugzilla.opensuse.org/show_bug.cgi?id=1136461
bugzilla.opensuse.org/show_bug.cgi?id=1136469
bugzilla.opensuse.org/show_bug.cgi?id=1136477
bugzilla.opensuse.org/show_bug.cgi?id=1136478
bugzilla.opensuse.org/show_bug.cgi?id=1136498
bugzilla.opensuse.org/show_bug.cgi?id=1136573
bugzilla.opensuse.org/show_bug.cgi?id=1136586
bugzilla.opensuse.org/show_bug.cgi?id=1136598
bugzilla.opensuse.org/show_bug.cgi?id=1136881
bugzilla.opensuse.org/show_bug.cgi?id=1136922
bugzilla.opensuse.org/show_bug.cgi?id=1136935
bugzilla.opensuse.org/show_bug.cgi?id=1136978
bugzilla.opensuse.org/show_bug.cgi?id=1136990
bugzilla.opensuse.org/show_bug.cgi?id=1137151
bugzilla.opensuse.org/show_bug.cgi?id=1137152
bugzilla.opensuse.org/show_bug.cgi?id=1137153
bugzilla.opensuse.org/show_bug.cgi?id=1137162
bugzilla.opensuse.org/show_bug.cgi?id=1137201
bugzilla.opensuse.org/show_bug.cgi?id=1137224
bugzilla.opensuse.org/show_bug.cgi?id=1137232
bugzilla.opensuse.org/show_bug.cgi?id=1137233
bugzilla.opensuse.org/show_bug.cgi?id=1137236
bugzilla.opensuse.org/show_bug.cgi?id=1137372
bugzilla.opensuse.org/show_bug.cgi?id=1137429
bugzilla.opensuse.org/show_bug.cgi?id=1137444
bugzilla.opensuse.org/show_bug.cgi?id=1137586
bugzilla.opensuse.org/show_bug.cgi?id=1137739
bugzilla.opensuse.org/show_bug.cgi?id=1137752
bugzilla.opensuse.org/show_bug.cgi?id=1137995
bugzilla.opensuse.org/show_bug.cgi?id=1137996
bugzilla.opensuse.org/show_bug.cgi?id=1137998
bugzilla.opensuse.org/show_bug.cgi?id=1137999
bugzilla.opensuse.org/show_bug.cgi?id=1138000
bugzilla.opensuse.org/show_bug.cgi?id=1138002
bugzilla.opensuse.org/show_bug.cgi?id=1138003
bugzilla.opensuse.org/show_bug.cgi?id=1138005
bugzilla.opensuse.org/show_bug.cgi?id=1138006
bugzilla.opensuse.org/show_bug.cgi?id=1138007
bugzilla.opensuse.org/show_bug.cgi?id=1138008
bugzilla.opensuse.org/show_bug.cgi?id=1138009
bugzilla.opensuse.org/show_bug.cgi?id=1138010
bugzilla.opensuse.org/show_bug.cgi?id=1138011
bugzilla.opensuse.org/show_bug.cgi?id=1138012
bugzilla.opensuse.org/show_bug.cgi?id=1138013
bugzilla.opensuse.org/show_bug.cgi?id=1138014
bugzilla.opensuse.org/show_bug.cgi?id=1138015
bugzilla.opensuse.org/show_bug.cgi?id=1138016
bugzilla.opensuse.org/show_bug.cgi?id=1138017
bugzilla.opensuse.org/show_bug.cgi?id=1138018
bugzilla.opensuse.org/show_bug.cgi?id=1138019
bugzilla.opensuse.org/show_bug.cgi?id=1138291
bugzilla.opensuse.org/show_bug.cgi?id=1138293
bugzilla.opensuse.org/show_bug.cgi?id=1138336
bugzilla.opensuse.org/show_bug.cgi?id=1138374
bugzilla.opensuse.org/show_bug.cgi?id=1138375
8.3 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.974 High
EPSS
Percentile
99.9%