SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2083-1)

high Nessus Plugin ID 162242

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2083-1 advisory.

- An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
(CVE-2019-20811)

- There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)

- A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
(CVE-2021-20321)

- Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)

- net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)

- In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-154175781References: Upstream kernel (CVE-2021-39711)

- An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)

- A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().
This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)

- A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)

- The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. (CVE-2022-1419)

- A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)

- Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)

- A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
(CVE-2022-1734)

- Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)

- Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)

- Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21127)

- Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)

- Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. (CVE-2022-21180)

- The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1028340

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1071995

https://bugzilla.suse.com/1114648

https://bugzilla.suse.com/1172456

https://bugzilla.suse.com/1182171

https://bugzilla.suse.com/1183723

https://bugzilla.suse.com/1187055

https://bugzilla.suse.com/1191647

https://bugzilla.suse.com/1191958

https://bugzilla.suse.com/1195651

https://bugzilla.suse.com/1196426

https://bugzilla.suse.com/1197099

https://bugzilla.suse.com/1197219

https://bugzilla.suse.com/1197343

https://bugzilla.suse.com/1198400

https://bugzilla.suse.com/1198516

https://bugzilla.suse.com/1198660

https://bugzilla.suse.com/1198687

https://bugzilla.suse.com/1198742

https://bugzilla.suse.com/1198825

https://bugzilla.suse.com/1199012

https://bugzilla.suse.com/1199063

https://bugzilla.suse.com/1199314

https://bugzilla.suse.com/1199399

https://bugzilla.suse.com/1199426

https://bugzilla.suse.com/1199505

https://bugzilla.suse.com/1199605

https://bugzilla.suse.com/1199650

https://www.suse.com/security/cve/CVE-2019-20811

https://www.suse.com/security/cve/CVE-2021-20292

https://www.suse.com/security/cve/CVE-2021-20321

https://www.suse.com/security/cve/CVE-2021-33061

https://www.suse.com/security/cve/CVE-2021-38208

https://www.suse.com/security/cve/CVE-2021-39711

https://www.suse.com/security/cve/CVE-2021-43389

https://www.suse.com/security/cve/CVE-2022-1011

https://www.suse.com/security/cve/CVE-2022-1353

https://www.suse.com/security/cve/CVE-2022-1419

https://www.suse.com/security/cve/CVE-2022-1516

https://www.suse.com/security/cve/CVE-2022-1652

https://www.suse.com/security/cve/CVE-2022-1734

https://www.suse.com/security/cve/CVE-2022-21123

https://www.suse.com/security/cve/CVE-2022-21125

https://www.suse.com/security/cve/CVE-2022-21127

https://www.suse.com/security/cve/CVE-2022-21166

https://www.suse.com/security/cve/CVE-2022-21180

https://www.suse.com/security/cve/CVE-2022-30594

http://www.nessus.org/u?147c6213

Plugin Details

Severity: High

ID: 162242

File Name: suse_SU-2022-2083-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 6/15/2022

Updated: 7/13/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-1652

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2022-30594

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_99-default, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-kgraft, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-default-man

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/14/2022

Vulnerability Publication Date: 6/3/2020

Reference Information

CVE: CVE-2019-20811, CVE-2021-20292, CVE-2021-20321, CVE-2021-33061, CVE-2021-38208, CVE-2021-39711, CVE-2021-43389, CVE-2022-1011, CVE-2022-1353, CVE-2022-1419, CVE-2022-1516, CVE-2022-1652, CVE-2022-1734, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166, CVE-2022-21180, CVE-2022-30594

SuSE: SUSE-SU-2022:2083-1