SUSE SLES12 Security Update : kernel (SUSE-SU-2022:1651-1)

high Nessus Plugin ID 161160

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1651-1 advisory.

- An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)

- An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
(CVE-2019-20811)

- There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)

- A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
(CVE-2021-20321)

- net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)

- An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)

- A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().
This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)

- A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)

- A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)

- The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. (CVE-2022-1419)

- A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)

- Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1028340

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1084513

https://bugzilla.suse.com/1114648

https://bugzilla.suse.com/1121726

https://bugzilla.suse.com/1129770

https://bugzilla.suse.com/1137728

https://bugzilla.suse.com/1172456

https://bugzilla.suse.com/1183723

https://bugzilla.suse.com/1187055

https://bugzilla.suse.com/1191647

https://bugzilla.suse.com/1191958

https://bugzilla.suse.com/1194625

https://bugzilla.suse.com/1196018

https://bugzilla.suse.com/1196247

https://bugzilla.suse.com/1196657

https://bugzilla.suse.com/1196901

https://bugzilla.suse.com/1197075

https://bugzilla.suse.com/1197343

https://bugzilla.suse.com/1197663

https://bugzilla.suse.com/1197888

https://bugzilla.suse.com/1197914

https://bugzilla.suse.com/1198217

https://bugzilla.suse.com/1198228

https://bugzilla.suse.com/1198400

https://bugzilla.suse.com/1198413

https://bugzilla.suse.com/1198516

https://bugzilla.suse.com/1198660

https://bugzilla.suse.com/1198687

https://bugzilla.suse.com/1198742

https://bugzilla.suse.com/1198825

https://bugzilla.suse.com/1199012

https://www.suse.com/security/cve/CVE-2018-7755

https://www.suse.com/security/cve/CVE-2019-20811

https://www.suse.com/security/cve/CVE-2021-20292

https://www.suse.com/security/cve/CVE-2021-20321

https://www.suse.com/security/cve/CVE-2021-38208

https://www.suse.com/security/cve/CVE-2021-43389

https://www.suse.com/security/cve/CVE-2022-1011

https://www.suse.com/security/cve/CVE-2022-1280

https://www.suse.com/security/cve/CVE-2022-1353

https://www.suse.com/security/cve/CVE-2022-1419

https://www.suse.com/security/cve/CVE-2022-1516

https://www.suse.com/security/cve/CVE-2022-23960

https://www.suse.com/security/cve/CVE-2022-28748

http://www.nessus.org/u?7c7e6d75

Plugin Details

Severity: High

ID: 161160

File Name: suse_SU-2022-1651-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 5/13/2022

Updated: 7/13/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-20292

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-1419

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure-base, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-azure

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/12/2022

Vulnerability Publication Date: 3/8/2018

Reference Information

CVE: CVE-2018-7755, CVE-2019-20811, CVE-2021-20292, CVE-2021-20321, CVE-2021-38208, CVE-2021-43389, CVE-2022-1011, CVE-2022-1280, CVE-2022-1353, CVE-2022-1419, CVE-2022-1516, CVE-2022-23960, CVE-2022-28748

SuSE: SUSE-SU-2022:1651-1