Detections
Analytics
openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0370-1)
high Nessus Plugin ID 157938
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0370-1 advisory.- The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. (CVE-2020-28097)
- A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)
- In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed.
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-160822094References: Upstream kernel (CVE-2021-39648)
- In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-194696049References: Upstream kernel (CVE-2021-39657)
- A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.
This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)
- pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
(CVE-2021-45095)
- A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. (CVE-2022-0286)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1154488
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1160634
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1177599
https://bugzilla.suse.com/1183405
https://bugzilla.suse.com/1185377
https://bugzilla.suse.com/1187428
https://bugzilla.suse.com/1187723
https://bugzilla.suse.com/1188605
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1193096
https://bugzilla.suse.com/1193506
https://bugzilla.suse.com/1193767
https://bugzilla.suse.com/1193802
https://bugzilla.suse.com/1193861
https://bugzilla.suse.com/1193864
https://bugzilla.suse.com/1193867
https://bugzilla.suse.com/1194048
https://bugzilla.suse.com/1194227
https://bugzilla.suse.com/1194291
https://bugzilla.suse.com/1194880
https://bugzilla.suse.com/1195009
https://bugzilla.suse.com/1195062
https://bugzilla.suse.com/1195065
https://bugzilla.suse.com/1195073
https://bugzilla.suse.com/1195183
https://bugzilla.suse.com/1195184
https://bugzilla.suse.com/1195254
https://bugzilla.suse.com/1195267
https://bugzilla.suse.com/1195293
https://bugzilla.suse.com/1195371
https://bugzilla.suse.com/1195476
https://bugzilla.suse.com/1195477
https://bugzilla.suse.com/1195478
https://bugzilla.suse.com/1195479
https://bugzilla.suse.com/1195480
https://bugzilla.suse.com/1195481
https://bugzilla.suse.com/1195482
http://www.nessus.org/u?86b0c288
https://www.suse.com/security/cve/CVE-2020-28097
https://www.suse.com/security/cve/CVE-2021-22600
https://www.suse.com/security/cve/CVE-2021-39648
https://www.suse.com/security/cve/CVE-2021-39657
https://www.suse.com/security/cve/CVE-2021-39685
https://www.suse.com/security/cve/CVE-2021-44733
https://www.suse.com/security/cve/CVE-2021-45095
https://www.suse.com/security/cve/CVE-2022-0286
https://www.suse.com/security/cve/CVE-2022-0330
Plugin Details
Severity: High
ID: 157938
File Name: openSUSE-2022-0370-1.nasl
Version: 1.6
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 2/12/2022
Updated: 11/9/2023
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.4
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2022-0435
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.4
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:reiserfs-kmp-default, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:dlm-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-64kb-devel, p-cpe:/a:novell:opensuse:cluster-md-kmp-preempt, p-cpe:/a:novell:opensuse:dtb-nvidia, p-cpe:/a:novell:opensuse:dtb-freescale, p-cpe:/a:novell:opensuse:gfs2-kmp-default, p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb, p-cpe:/a:novell:opensuse:dtb-allwinner, p-cpe:/a:novell:opensuse:dtb-socionext, p-cpe:/a:novell:opensuse:dtb-amd, p-cpe:/a:novell:opensuse:kernel-default-livepatch, p-cpe:/a:novell:opensuse:reiserfs-kmp-64kb, p-cpe:/a:novell:opensuse:cluster-md-kmp-default, p-cpe:/a:novell:opensuse:dtb-exynos, p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb, p-cpe:/a:novell:opensuse:dtb-mediatek, p-cpe:/a:novell:opensuse:dtb-amlogic, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:dtb-arm, p-cpe:/a:novell:opensuse:kernel-kvmsmall-livepatch-devel, p-cpe:/a:novell:opensuse:dtb-qcom, p-cpe:/a:novell:opensuse:dtb-al, p-cpe:/a:novell:opensuse:dtb-sprd, p-cpe:/a:novell:opensuse:dtb-altera, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-preempt, p-cpe:/a:novell:opensuse:kernel-64kb-optional, p-cpe:/a:novell:opensuse:dtb-hisilicon, p-cpe:/a:novell:opensuse:dtb-marvell, p-cpe:/a:novell:opensuse:kernel-kvmsmall, p-cpe:/a:novell:opensuse:kselftests-kmp-preempt, p-cpe:/a:novell:opensuse:dlm-kmp-default, p-cpe:/a:novell:opensuse:dlm-kmp-preempt, p-cpe:/a:novell:opensuse:dtb-apm, p-cpe:/a:novell:opensuse:dtb-renesas, p-cpe:/a:novell:opensuse:kernel-default-extra, p-cpe:/a:novell:opensuse:kernel-default-livepatch-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kselftests-kmp-64kb, p-cpe:/a:novell:opensuse:dtb-rockchip, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-debug, cpe:/o:novell:opensuse:15.3, p-cpe:/a:novell:opensuse:kselftests-kmp-default, p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel, p-cpe:/a:novell:opensuse:dtb-xilinx, p-cpe:/a:novell:opensuse:kernel-64kb, p-cpe:/a:novell:opensuse:reiserfs-kmp-preempt, p-cpe:/a:novell:opensuse:kernel-default-optional, p-cpe:/a:novell:opensuse:ocfs2-kmp-default, p-cpe:/a:novell:opensuse:kernel-preempt-optional, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-preempt-livepatch-devel, p-cpe:/a:novell:opensuse:kernel-64kb-livepatch-devel, p-cpe:/a:novell:opensuse:gfs2-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-preempt-devel, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-base-rebuild, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:gfs2-kmp-preempt, p-cpe:/a:novell:opensuse:ocfs2-kmp-preempt, p-cpe:/a:novell:opensuse:kernel-64kb-extra, p-cpe:/a:novell:opensuse:dtb-broadcom, p-cpe:/a:novell:opensuse:dtb-zte, p-cpe:/a:novell:opensuse:kernel-preempt-extra, p-cpe:/a:novell:opensuse:kernel-zfcpdump, p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel, p-cpe:/a:novell:opensuse:dtb-cavium, p-cpe:/a:novell:opensuse:dtb-lg
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/11/2022
Vulnerability Publication Date: 6/24/2021
CISA Known Exploited Vulnerability Due Dates: 5/2/2022
Exploitable With
Metasploit (vmwgfx Driver File Descriptor Handling Priv Esc)
Reference Information
CVE: CVE-2020-28097, CVE-2021-22600, CVE-2021-39648, CVE-2021-39657, CVE-2021-39685, CVE-2021-44733, CVE-2021-45095, CVE-2022-0286, CVE-2022-0330, CVE-2022-0435, CVE-2022-22942