The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0363-1 advisory.

  - The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a     vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. (CVE-2020-28097)

  - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through     crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected     versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)

  - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a     race condition. This could lead to local information disclosure with System execution privileges needed.
    User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-160822094References: Upstream kernel (CVE-2021-39648)

  - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing     bounds check. This could lead to local information disclosure with System execution privileges needed.
    User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-194696049References: Upstream kernel (CVE-2021-39657)

  - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.
    This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory     object. (CVE-2021-44733)

  - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
    (CVE-2021-45095)

  - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local     denial of service. (CVE-2022-0286)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0363-1)

high Nessus Plugin ID 157890

Version 1.6

Version 1.5

Version 1.4

Version 1.6 Nov 9, 2023, 5:53 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202311091753
Version 1.5 Apr 25, 2023, 11:11 PM CVSS temporal metrics (Adjust exploitability metrics for CISA KEV vulnerabilities) Plugin Feed: 202304252311
Version 1.4 Feb 1, 2023, 2:09 PM Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202302011409