Detections
Analytics
SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0757-1)
high Nessus Plugin ID 158758
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0757-1 advisory.- In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. (CVE-2021-44879)
- Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)
- Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)
- A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)
- A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
(CVE-2022-0492)
- A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)
- A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)
- An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)
- An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1107207
https://bugzilla.suse.com/1114893
https://bugzilla.suse.com/1185973
https://bugzilla.suse.com/1191580
https://bugzilla.suse.com/1194516
https://bugzilla.suse.com/1195536
https://bugzilla.suse.com/1195543
https://bugzilla.suse.com/1195612
https://bugzilla.suse.com/1195840
https://bugzilla.suse.com/1195897
https://bugzilla.suse.com/1195908
https://bugzilla.suse.com/1195934
https://bugzilla.suse.com/1195949
https://bugzilla.suse.com/1195987
https://bugzilla.suse.com/1196079
https://bugzilla.suse.com/1196155
https://bugzilla.suse.com/1196584
https://bugzilla.suse.com/1196601
https://bugzilla.suse.com/1196612
https://www.suse.com/security/cve/CVE-2021-44879
https://www.suse.com/security/cve/CVE-2022-0001
https://www.suse.com/security/cve/CVE-2022-0002
https://www.suse.com/security/cve/CVE-2022-0487
https://www.suse.com/security/cve/CVE-2022-0492
https://www.suse.com/security/cve/CVE-2022-0617
https://www.suse.com/security/cve/CVE-2022-0644
https://www.suse.com/security/cve/CVE-2022-0847
https://www.suse.com/security/cve/CVE-2022-24448
Plugin Details
Severity: High
ID: 158758
File Name: suse_SU-2022-0757-1.nasl
Version: 1.13
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 3/9/2022
Updated: 7/14/2023
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.8
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 6.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2022-0847
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_93-default, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-kgraft, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-default-man
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/8/2022
Vulnerability Publication Date: 2/4/2022
CISA Known Exploited Vulnerability Due Dates: 5/16/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Dirty Pipe Local Privilege Escalation via CVE-2022-0847)
Reference Information
CVE: CVE-2021-44879, CVE-2022-0001, CVE-2022-0002, CVE-2022-0487, CVE-2022-0492, CVE-2022-0617, CVE-2022-0644, CVE-2022-0847, CVE-2022-24448, CVE-2022-24959
SuSE: SUSE-SU-2022:0757-1