SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3675-1)

high Nessus Plugin ID 155467

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3675-1 advisory.

- The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)

- This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689. (CVE-2021-34866)

- A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)

- A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.
This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)

- hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
(CVE-2021-37159)

- A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)

- A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)

- prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)

- The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
(CVE-2021-42008)

- An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)

- A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)

- An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)

- An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1085030

https://bugzilla.suse.com/1089118

https://bugzilla.suse.com/1094840

https://bugzilla.suse.com/1133021

https://bugzilla.suse.com/1152472

https://bugzilla.suse.com/1152489

https://bugzilla.suse.com/1154353

https://bugzilla.suse.com/1191663

https://bugzilla.suse.com/1191731

https://bugzilla.suse.com/1191800

https://bugzilla.suse.com/1191851

https://bugzilla.suse.com/1191867

https://bugzilla.suse.com/1191934

https://bugzilla.suse.com/1191958

https://bugzilla.suse.com/1191980

https://bugzilla.suse.com/1192040

https://bugzilla.suse.com/1192041

https://bugzilla.suse.com/1192074

https://bugzilla.suse.com/1192107

https://bugzilla.suse.com/1192145

https://bugzilla.suse.com/1192229

https://bugzilla.suse.com/1192267

https://bugzilla.suse.com/1192288

https://bugzilla.suse.com/1192549

https://www.suse.com/security/cve/CVE-2021-33033

https://www.suse.com/security/cve/CVE-2021-34866

https://www.suse.com/security/cve/CVE-2021-3542

https://www.suse.com/security/cve/CVE-2021-3655

https://www.suse.com/security/cve/CVE-2021-3715

https://www.suse.com/security/cve/CVE-2021-37159

https://www.suse.com/security/cve/CVE-2021-3760

https://www.suse.com/security/cve/CVE-2021-3772

https://www.suse.com/security/cve/CVE-2021-3896

https://www.suse.com/security/cve/CVE-2021-41864

https://www.suse.com/security/cve/CVE-2021-42008

https://www.suse.com/security/cve/CVE-2021-42252

https://www.suse.com/security/cve/CVE-2021-42739

https://www.suse.com/security/cve/CVE-2021-43056

https://www.suse.com/security/cve/CVE-2021-43389

http://www.nessus.org/u?3b76fee2

https://bugzilla.suse.com/1156395

https://bugzilla.suse.com/1157177

https://bugzilla.suse.com/1167773

https://bugzilla.suse.com/1172073

https://bugzilla.suse.com/1173604

https://bugzilla.suse.com/1176447

https://bugzilla.suse.com/1176774

https://bugzilla.suse.com/1176914

https://bugzilla.suse.com/1176940

https://bugzilla.suse.com/1178134

https://bugzilla.suse.com/1180100

https://bugzilla.suse.com/1180749

https://bugzilla.suse.com/1181147

https://bugzilla.suse.com/1184673

https://bugzilla.suse.com/1185762

https://bugzilla.suse.com/1186063

https://bugzilla.suse.com/1186109

https://bugzilla.suse.com/1187167

https://bugzilla.suse.com/1188563

https://bugzilla.suse.com/1188601

https://bugzilla.suse.com/1189841

https://bugzilla.suse.com/1190006

https://bugzilla.suse.com/1190067

https://bugzilla.suse.com/1190349

https://bugzilla.suse.com/1190351

https://bugzilla.suse.com/1190479

https://bugzilla.suse.com/1190620

https://bugzilla.suse.com/1190642

https://bugzilla.suse.com/1190795

https://bugzilla.suse.com/1190801

https://bugzilla.suse.com/1190941

https://bugzilla.suse.com/1191229

https://bugzilla.suse.com/1191240

https://bugzilla.suse.com/1191241

https://bugzilla.suse.com/1191315

https://bugzilla.suse.com/1191317

https://bugzilla.suse.com/1191349

https://bugzilla.suse.com/1191384

https://bugzilla.suse.com/1191449

https://bugzilla.suse.com/1191450

https://bugzilla.suse.com/1191451

https://bugzilla.suse.com/1191452

https://bugzilla.suse.com/1191455

https://bugzilla.suse.com/1191456

https://bugzilla.suse.com/1191628

https://bugzilla.suse.com/1191645

Plugin Details

Severity: High

ID: 155467

File Name: suse_SU-2021-3675-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 11/17/2021

Updated: 7/13/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3760

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-42252

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-preempt-extra, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-extra, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_34-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-64kb

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/16/2021

Vulnerability Publication Date: 5/14/2021

Reference Information

CVE: CVE-2021-33033, CVE-2021-34866, CVE-2021-3542, CVE-2021-3655, CVE-2021-3715, CVE-2021-37159, CVE-2021-3760, CVE-2021-3772, CVE-2021-3896, CVE-2021-41864, CVE-2021-42008, CVE-2021-42252, CVE-2021-42739, CVE-2021-43056, CVE-2021-43389

SuSE: SUSE-SU-2021:3675-1