Detections
Analytics
SUSE SLES11 Security Update : kernel (SUSE-SU-2022:14905-1)
high Nessus Plugin ID 158749
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14905-1 advisory.- Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. (CVE-2019-0136)
- An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. (CVE-2020-12770)
- A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)
- A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. (CVE-2021-3753)
- A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. (CVE-2021-4155)
- pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
(CVE-2021-45095)
- Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)
- Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)
- A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
(CVE-2022-0492)
- A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1171420
https://bugzilla.suse.com/1179599
https://bugzilla.suse.com/1190025
https://bugzilla.suse.com/1191580
https://bugzilla.suse.com/1193157
https://bugzilla.suse.com/1193669
https://bugzilla.suse.com/1193867
https://bugzilla.suse.com/1194272
https://bugzilla.suse.com/1195109
https://bugzilla.suse.com/1195543
https://bugzilla.suse.com/1195908
https://bugzilla.suse.com/1196079
https://bugzilla.suse.com/1196612
https://www.suse.com/security/cve/CVE-2019-0136
https://www.suse.com/security/cve/CVE-2020-12770
https://www.suse.com/security/cve/CVE-2020-27820
https://www.suse.com/security/cve/CVE-2021-3753
https://www.suse.com/security/cve/CVE-2021-4155
https://www.suse.com/security/cve/CVE-2021-45095
https://www.suse.com/security/cve/CVE-2022-0001
https://www.suse.com/security/cve/CVE-2022-0002
https://www.suse.com/security/cve/CVE-2022-0492
Plugin Details
Severity: High
ID: 158749
File Name: suse_SU-2022-14905-1.nasl
Version: 1.8
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 3/9/2022
Updated: 12/7/2023
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: Medium
Base Score: 6.9
Temporal Score: 5.7
Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2022-0492
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-bigmem, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-trace-base, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-ppc64, p-cpe:/a:novell:suse_linux:kernel-bigmem-devel, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-ppc64-base, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-bigmem-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-ppc64-devel
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/8/2022
Vulnerability Publication Date: 6/11/2019
Exploitable With
Metasploit (Docker cgroups Container Escape)
Reference Information
CVE: CVE-2019-0136, CVE-2020-12770, CVE-2020-27820, CVE-2021-3753, CVE-2021-4155, CVE-2021-45095, CVE-2022-0001, CVE-2022-0002, CVE-2022-0492, CVE-2022-0617
SuSE: SUSE-SU-2022:14905-1