SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2629-1)

high Nessus Plugin ID 163752

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2629-1 advisory.

- In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)

- The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
(CVE-2020-26541)

- Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)

- Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)

- In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-154175781References: Upstream kernel (CVE-2021-39711)

- An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)

- A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)

- A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.
(CVE-2022-1184)

- Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)

- A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)

- A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. (CVE-2022-1729)

- A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
(CVE-2022-1734)

- A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. (CVE-2022-1974)

- There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. (CVE-2022-1975)

- In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)

- In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)

- In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)

- Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)

- Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)

- Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21127)

- Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)

- Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. (CVE-2022-21180)

- KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.
An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)

- There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)

- Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)

- Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)

- Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)

- The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1024718

https://bugzilla.suse.com/1055117

https://bugzilla.suse.com/1061840

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1129770

https://bugzilla.suse.com/1158266

https://bugzilla.suse.com/1177282

https://bugzilla.suse.com/1188885

https://bugzilla.suse.com/1194013

https://bugzilla.suse.com/1194124

https://bugzilla.suse.com/1196426

https://bugzilla.suse.com/1196570

https://bugzilla.suse.com/1196901

https://bugzilla.suse.com/1196964

https://bugzilla.suse.com/1197170

https://bugzilla.suse.com/1197219

https://bugzilla.suse.com/1197601

https://bugzilla.suse.com/1198438

https://bugzilla.suse.com/1198577

https://bugzilla.suse.com/1198866

https://bugzilla.suse.com/1198899

https://bugzilla.suse.com/1199035

https://bugzilla.suse.com/1199063

https://bugzilla.suse.com/1199237

https://bugzilla.suse.com/1199239

https://bugzilla.suse.com/1199314

https://bugzilla.suse.com/1199399

https://bugzilla.suse.com/1199426

https://bugzilla.suse.com/1199482

https://bugzilla.suse.com/1199487

https://bugzilla.suse.com/1199505

https://bugzilla.suse.com/1199507

https://bugzilla.suse.com/1199526

https://bugzilla.suse.com/1199605

https://bugzilla.suse.com/1199631

https://bugzilla.suse.com/1199650

https://bugzilla.suse.com/1199657

https://bugzilla.suse.com/1199671

https://bugzilla.suse.com/1199839

https://bugzilla.suse.com/1200015

https://bugzilla.suse.com/1200045

https://bugzilla.suse.com/1200143

https://bugzilla.suse.com/1200144

https://bugzilla.suse.com/1200173

https://bugzilla.suse.com/1200249

https://bugzilla.suse.com/1200343

https://bugzilla.suse.com/1200549

https://bugzilla.suse.com/1200571

https://bugzilla.suse.com/1200599

https://bugzilla.suse.com/1200600

https://bugzilla.suse.com/1200604

https://bugzilla.suse.com/1200605

https://bugzilla.suse.com/1200608

https://bugzilla.suse.com/1200619

https://bugzilla.suse.com/1200762

https://bugzilla.suse.com/1200806

https://bugzilla.suse.com/1200807

https://bugzilla.suse.com/1200809

https://bugzilla.suse.com/1200810

https://bugzilla.suse.com/1200813

https://bugzilla.suse.com/1200820

https://bugzilla.suse.com/1200821

https://bugzilla.suse.com/1200822

https://bugzilla.suse.com/1200829

https://bugzilla.suse.com/1200868

https://bugzilla.suse.com/1200869

https://bugzilla.suse.com/1200870

https://bugzilla.suse.com/1200871

https://bugzilla.suse.com/1200872

https://bugzilla.suse.com/1200873

https://bugzilla.suse.com/1200925

https://bugzilla.suse.com/1201050

https://bugzilla.suse.com/1201080

https://bugzilla.suse.com/1201251

https://www.suse.com/security/cve/CVE-2019-19377

https://www.suse.com/security/cve/CVE-2020-26541

https://www.suse.com/security/cve/CVE-2021-26341

https://www.suse.com/security/cve/CVE-2021-33061

https://www.suse.com/security/cve/CVE-2021-39711

https://www.suse.com/security/cve/CVE-2021-4157

https://www.suse.com/security/cve/CVE-2022-1012

https://www.suse.com/security/cve/CVE-2022-1184

https://www.suse.com/security/cve/CVE-2022-1652

https://www.suse.com/security/cve/CVE-2022-1679

https://www.suse.com/security/cve/CVE-2022-1729

https://www.suse.com/security/cve/CVE-2022-1734

https://www.suse.com/security/cve/CVE-2022-1836

https://www.suse.com/security/cve/CVE-2022-1974

https://www.suse.com/security/cve/CVE-2022-1975

https://www.suse.com/security/cve/CVE-2022-20132

https://www.suse.com/security/cve/CVE-2022-20141

https://www.suse.com/security/cve/CVE-2022-20154

https://www.suse.com/security/cve/CVE-2022-21123

https://www.suse.com/security/cve/CVE-2022-21125

https://www.suse.com/security/cve/CVE-2022-21127

https://www.suse.com/security/cve/CVE-2022-21166

https://www.suse.com/security/cve/CVE-2022-21180

https://www.suse.com/security/cve/CVE-2022-21499

https://www.suse.com/security/cve/CVE-2022-2318

https://www.suse.com/security/cve/CVE-2022-26365

https://www.suse.com/security/cve/CVE-2022-29900

https://www.suse.com/security/cve/CVE-2022-29901

https://www.suse.com/security/cve/CVE-2022-30594

https://www.suse.com/security/cve/CVE-2022-33740

https://www.suse.com/security/cve/CVE-2022-33741

https://www.suse.com/security/cve/CVE-2022-33742

http://www.nessus.org/u?e33c2e64

Plugin Details

Severity: High

ID: 163752

File Name: suse_SU-2022-2629-1.nasl

Version: 1.11

Type: local

Agent: unix

Published: 8/3/2022

Updated: 1/16/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-4157

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2022-1012

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/2/2022

Vulnerability Publication Date: 11/29/2019

Reference Information

CVE: CVE-2019-19377, CVE-2020-26541, CVE-2021-26341, CVE-2021-33061, CVE-2021-39711, CVE-2021-4157, CVE-2022-1012, CVE-2022-1184, CVE-2022-1652, CVE-2022-1679, CVE-2022-1729, CVE-2022-1734, CVE-2022-1836, CVE-2022-1974, CVE-2022-1975, CVE-2022-20132, CVE-2022-20141, CVE-2022-20154, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166, CVE-2022-21180, CVE-2022-21499, CVE-2022-2318, CVE-2022-26365, CVE-2022-29900, CVE-2022-29901, CVE-2022-30594, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742

SuSE: SUSE-SU-2022:2629-1