openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3655-1)

high Nessus Plugin ID 155299

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3655-1 advisory.

- The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)

- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3542)

- A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)

- kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)

- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3896)

- prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)

- The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. (CVE-2021-42008)

- An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially escalate privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)

- The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)

- An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1181147

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1085030

https://bugzilla.suse.com/1152472

https://bugzilla.suse.com/1152489

https://bugzilla.suse.com/1156395

https://bugzilla.suse.com/1172073

https://bugzilla.suse.com/1173604

https://bugzilla.suse.com/1176447

https://bugzilla.suse.com/1176774

https://bugzilla.suse.com/1176914

https://bugzilla.suse.com/1178134

https://bugzilla.suse.com/1180100

https://bugzilla.suse.com/1184673

https://bugzilla.suse.com/1185762

https://bugzilla.suse.com/1186063

https://bugzilla.suse.com/1186109

https://bugzilla.suse.com/1187167

https://bugzilla.suse.com/1188563

https://bugzilla.suse.com/1189841

https://bugzilla.suse.com/1190006

https://bugzilla.suse.com/1190067

https://bugzilla.suse.com/1190349

https://bugzilla.suse.com/1190351

https://bugzilla.suse.com/1190479

https://bugzilla.suse.com/1190620

https://bugzilla.suse.com/1190642

https://bugzilla.suse.com/1190795

https://bugzilla.suse.com/1190801

https://bugzilla.suse.com/1190941

https://bugzilla.suse.com/1191229

https://bugzilla.suse.com/1191240

https://bugzilla.suse.com/1191241

https://bugzilla.suse.com/1191315

https://bugzilla.suse.com/1191317

https://bugzilla.suse.com/1191349

https://bugzilla.suse.com/1191384

https://bugzilla.suse.com/1191449

https://bugzilla.suse.com/1191450

https://bugzilla.suse.com/1191451

https://bugzilla.suse.com/1191452

https://bugzilla.suse.com/1191455

https://bugzilla.suse.com/1191456

https://bugzilla.suse.com/1191628

https://bugzilla.suse.com/1191645

https://bugzilla.suse.com/1191663

https://bugzilla.suse.com/1191731

https://bugzilla.suse.com/1191800

https://bugzilla.suse.com/1191867

https://bugzilla.suse.com/1191934

https://bugzilla.suse.com/1191958

https://bugzilla.suse.com/1192040

https://bugzilla.suse.com/1192041

https://bugzilla.suse.com/1192074

https://bugzilla.suse.com/1192107

https://bugzilla.suse.com/1192145

http://www.nessus.org/u?7172afb4

https://www.suse.com/security/cve/CVE-2021-33033

https://www.suse.com/security/cve/CVE-2021-34866

https://www.suse.com/security/cve/CVE-2021-3542

https://www.suse.com/security/cve/CVE-2021-3655

https://www.suse.com/security/cve/CVE-2021-3715

https://www.suse.com/security/cve/CVE-2021-3760

https://www.suse.com/security/cve/CVE-2021-3772

https://www.suse.com/security/cve/CVE-2021-3896

https://www.suse.com/security/cve/CVE-2021-41864

https://www.suse.com/security/cve/CVE-2021-42008

https://www.suse.com/security/cve/CVE-2021-42252

https://www.suse.com/security/cve/CVE-2021-42739

https://www.suse.com/security/cve/CVE-2021-43056

Plugin Details

Severity: High

ID: 155299

File Name: openSUSE-2021-3655.nasl

Version: 1.4

Type: local

Agent: unix

Published: 11/12/2021

Updated: 11/23/2023

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3760

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-42252

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:cluster-md-kmp-default, p-cpe:/a:novell:opensuse:dtb-exynos, p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb, p-cpe:/a:novell:opensuse:dtb-mediatek, p-cpe:/a:novell:opensuse:dtb-amlogic, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:dtb-arm, p-cpe:/a:novell:opensuse:kernel-kvmsmall-livepatch-devel, p-cpe:/a:novell:opensuse:dtb-qcom, p-cpe:/a:novell:opensuse:dtb-al, p-cpe:/a:novell:opensuse:dtb-sprd, p-cpe:/a:novell:opensuse:dtb-altera, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-preempt, p-cpe:/a:novell:opensuse:kernel-64kb-optional, p-cpe:/a:novell:opensuse:dtb-hisilicon, p-cpe:/a:novell:opensuse:dtb-marvell, p-cpe:/a:novell:opensuse:kernel-kvmsmall, p-cpe:/a:novell:opensuse:kselftests-kmp-preempt, p-cpe:/a:novell:opensuse:dlm-kmp-default, p-cpe:/a:novell:opensuse:dlm-kmp-preempt, p-cpe:/a:novell:opensuse:dtb-apm, p-cpe:/a:novell:opensuse:dtb-renesas, p-cpe:/a:novell:opensuse:kernel-default-extra, p-cpe:/a:novell:opensuse:kernel-default-livepatch-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kselftests-kmp-64kb, p-cpe:/a:novell:opensuse:dtb-rockchip, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:reiserfs-kmp-default, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:gfs2-kmp-preempt, p-cpe:/a:novell:opensuse:ocfs2-kmp-preempt, p-cpe:/a:novell:opensuse:kernel-64kb-extra, p-cpe:/a:novell:opensuse:dtb-broadcom, p-cpe:/a:novell:opensuse:dtb-zte, p-cpe:/a:novell:opensuse:kernel-preempt-extra, p-cpe:/a:novell:opensuse:kernel-zfcpdump, p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel, p-cpe:/a:novell:opensuse:dtb-cavium, p-cpe:/a:novell:opensuse:dtb-lg, p-cpe:/a:novell:opensuse:kernel-debug, cpe:/o:novell:opensuse:15.3, p-cpe:/a:novell:opensuse:kselftests-kmp-default, p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel, p-cpe:/a:novell:opensuse:dtb-xilinx, 
p-cpe:/a:novell:opensuse:kernel-64kb, p-cpe:/a:novell:opensuse:reiserfs-kmp-preempt, p-cpe:/a:novell:opensuse:kernel-default-optional, p-cpe:/a:novell:opensuse:ocfs2-kmp-default, p-cpe:/a:novell:opensuse:kernel-preempt-optional, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:cluster-md-kmp-preempt, p-cpe:/a:novell:opensuse:dtb-nvidia, p-cpe:/a:novell:opensuse:dtb-freescale, p-cpe:/a:novell:opensuse:gfs2-kmp-default, p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb, p-cpe:/a:novell:opensuse:dtb-allwinner, p-cpe:/a:novell:opensuse:dtb-socionext, p-cpe:/a:novell:opensuse:dtb-amd, p-cpe:/a:novell:opensuse:kernel-default-livepatch, p-cpe:/a:novell:opensuse:reiserfs-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:dlm-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-64kb-devel, p-cpe:/a:novell:opensuse:kernel-default-base-rebuild, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-preempt-livepatch-devel, p-cpe:/a:novell:opensuse:kernel-64kb-livepatch-devel, p-cpe:/a:novell:opensuse:gfs2-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-preempt-devel, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-default-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/11/2021

Vulnerability Publication Date: 5/14/2021

Reference Information

CVE: CVE-2021-33033, CVE-2021-34866, CVE-2021-3542, CVE-2021-3655, CVE-2021-3715, CVE-2021-3760, CVE-2021-3772, CVE-2021-3896, CVE-2021-41864, CVE-2021-42008, CVE-2021-42252, CVE-2021-42739, CVE-2021-43056