Detections
Analytics
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1574-1)
medium Nessus Plugin ID 149463
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.The following security bugs were fixed :
CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942).
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.Alternatively you can run the command listed for your product :
SUSE MicroOS 5.0 :
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1574=1
SUSE Linux Enterprise Workstation Extension 15-SP2 :
zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1574=1
SUSE Linux Enterprise Module for Live Patching 15-SP2 :
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1574=1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 :
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1574=1
SUSE Linux Enterprise Module for Development Tools 15-SP2 :
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-1574=1
SUSE Linux Enterprise Module for Basesystem 15-SP2 :
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1574=1
SUSE Linux Enterprise High Availability 15-SP2 :
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1574=1
See Also
https://bugzilla.suse.com/show_bug.cgi?id=1043990
https://bugzilla.suse.com/show_bug.cgi?id=1055117
https://bugzilla.suse.com/show_bug.cgi?id=1065729
https://bugzilla.suse.com/show_bug.cgi?id=1152457
https://bugzilla.suse.com/show_bug.cgi?id=1152489
https://bugzilla.suse.com/show_bug.cgi?id=1156395
https://bugzilla.suse.com/show_bug.cgi?id=1184209
https://bugzilla.suse.com/show_bug.cgi?id=1184436
https://bugzilla.suse.com/show_bug.cgi?id=1184514
https://bugzilla.suse.com/show_bug.cgi?id=1184650
https://bugzilla.suse.com/show_bug.cgi?id=1184724
https://bugzilla.suse.com/show_bug.cgi?id=1184728
https://bugzilla.suse.com/show_bug.cgi?id=1184730
https://bugzilla.suse.com/show_bug.cgi?id=1184731
https://bugzilla.suse.com/show_bug.cgi?id=1184736
https://bugzilla.suse.com/show_bug.cgi?id=1184737
https://bugzilla.suse.com/show_bug.cgi?id=1184738
https://bugzilla.suse.com/show_bug.cgi?id=1184740
https://bugzilla.suse.com/show_bug.cgi?id=1184741
https://bugzilla.suse.com/show_bug.cgi?id=1184742
https://bugzilla.suse.com/show_bug.cgi?id=1184760
https://bugzilla.suse.com/show_bug.cgi?id=1184811
https://bugzilla.suse.com/show_bug.cgi?id=1184893
https://bugzilla.suse.com/show_bug.cgi?id=1184934
https://bugzilla.suse.com/show_bug.cgi?id=1184942
https://bugzilla.suse.com/show_bug.cgi?id=1184957
https://bugzilla.suse.com/show_bug.cgi?id=1184969
https://bugzilla.suse.com/show_bug.cgi?id=1167260
https://bugzilla.suse.com/show_bug.cgi?id=1168838
https://bugzilla.suse.com/show_bug.cgi?id=1174416
https://bugzilla.suse.com/show_bug.cgi?id=1174426
https://bugzilla.suse.com/show_bug.cgi?id=1178089
https://bugzilla.suse.com/show_bug.cgi?id=1179243
https://bugzilla.suse.com/show_bug.cgi?id=1179851
https://bugzilla.suse.com/show_bug.cgi?id=1180846
https://bugzilla.suse.com/show_bug.cgi?id=1181161
https://bugzilla.suse.com/show_bug.cgi?id=1182613
https://bugzilla.suse.com/show_bug.cgi?id=1183063
https://bugzilla.suse.com/show_bug.cgi?id=1183203
https://bugzilla.suse.com/show_bug.cgi?id=1183289
https://bugzilla.suse.com/show_bug.cgi?id=1184208
https://bugzilla.suse.com/show_bug.cgi?id=1184984
https://bugzilla.suse.com/show_bug.cgi?id=1185041
https://bugzilla.suse.com/show_bug.cgi?id=1185113
https://bugzilla.suse.com/show_bug.cgi?id=1185233
https://bugzilla.suse.com/show_bug.cgi?id=1185244
https://bugzilla.suse.com/show_bug.cgi?id=1185269
https://bugzilla.suse.com/show_bug.cgi?id=1185365
https://bugzilla.suse.com/show_bug.cgi?id=1185454
https://bugzilla.suse.com/show_bug.cgi?id=1185472
https://bugzilla.suse.com/show_bug.cgi?id=1185491
https://bugzilla.suse.com/show_bug.cgi?id=1185549
https://bugzilla.suse.com/show_bug.cgi?id=1185586
https://bugzilla.suse.com/show_bug.cgi?id=1185587
https://www.suse.com/security/cve/CVE-2021-29155/
Plugin Details
Severity: Medium
ID: 149463
File Name: suse_SU-2021-1574-1.nasl
Version: 1.3
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 5/13/2021
Updated: 1/2/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Low
Base Score: 2.1
Temporal Score: 1.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2021-29155
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo, p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo, cpe:/o:novell:suse_linux:15
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/12/2021
Vulnerability Publication Date: 3/30/2021
Reference Information
CVE: CVE-2021-29155, CVE-2021-29650