The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1266-1 advisory.

  - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel     (CVE-2021-39713)

  - In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota     tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a     corrupted quota file. (CVE-2021-45868)

  - An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux     Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
    (CVE-2022-0812)

  - A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to     userspace. (CVE-2022-0850)

  - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a     use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel     information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)

  - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers     concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM     for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the     system. (CVE-2022-1048)

  - Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to     multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV     device frontends are using the grant table interfaces for removing access rights of the backends in ways     being subject to race conditions, resulting in potential data leaks, data corruption by malicious     backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the     gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they     assume that a following removal of the granted access will always succeed, which is not true in case the     backend has mapped the granted page between those two operations. As a result the backend can keep access     to the memory page of the guest no matter how the page will be used after the frontend I/O has finished.
    The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of     a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038     gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus,     9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no     longer in use, but the freeing of the related data page is not synchronized with dropping the granted     access. As a result the backend can keep access to the memory page even after it has been freed and then     re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to     revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which     can be triggered by the backend. CVE-2022-23042 (CVE-2022-23036, CVE-2022-23037, CVE-2022-23038,     CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042)

  - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has     EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)

  - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to     obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)

  - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and     net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap     objects and may cause a local privilege escalation threat. (CVE-2022-27666)

  - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)

  - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double     free. (CVE-2022-28388)

  - mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double     free. (CVE-2022-28389)

  - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
    (CVE-2022-28390)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:1266-1)

high Nessus Plugin ID 159987

Version 1.5