SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2892-1)

high Nessus Plugin ID 164448

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2892-1 advisory.

- An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)

- A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)

- A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)

- When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)

- When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
(CVE-2021-33656)

- Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. (CVE-2022-1116)

- An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)

- In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-182388481References: Upstream kernel (CVE-2022-20166)

- A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled (CVE-2022-21505) (CVE-2022-21505)

- There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)

- Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742)

- An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)

- Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)

- nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1178134

https://bugzilla.suse.com/1196616

https://bugzilla.suse.com/1196867

https://bugzilla.suse.com/1198829

https://bugzilla.suse.com/1199364

https://bugzilla.suse.com/1199647

https://bugzilla.suse.com/1199648

https://bugzilla.suse.com/1199665

https://bugzilla.suse.com/1199670

https://bugzilla.suse.com/1199695

https://bugzilla.suse.com/1200521

https://bugzilla.suse.com/1200598

https://bugzilla.suse.com/1200644

https://bugzilla.suse.com/1200651

https://bugzilla.suse.com/1200762

https://bugzilla.suse.com/1200910

https://bugzilla.suse.com/1201196

https://bugzilla.suse.com/1201206

https://bugzilla.suse.com/1201251

https://bugzilla.suse.com/1201381

https://bugzilla.suse.com/1201429

https://bugzilla.suse.com/1201442

https://bugzilla.suse.com/1201458

https://bugzilla.suse.com/1201635

https://bugzilla.suse.com/1201636

https://bugzilla.suse.com/1201644

https://bugzilla.suse.com/1201645

https://bugzilla.suse.com/1201664

https://bugzilla.suse.com/1201672

https://bugzilla.suse.com/1201673

https://bugzilla.suse.com/1201676

https://bugzilla.suse.com/1201742

https://bugzilla.suse.com/1201752

https://bugzilla.suse.com/1201846

https://bugzilla.suse.com/1201930

https://bugzilla.suse.com/1201940

https://bugzilla.suse.com/1201941

https://bugzilla.suse.com/1201954

https://bugzilla.suse.com/1201956

https://bugzilla.suse.com/1201958

https://bugzilla.suse.com/1202087

https://bugzilla.suse.com/1202154

https://bugzilla.suse.com/1202312

https://www.suse.com/security/cve/CVE-2020-36516

https://www.suse.com/security/cve/CVE-2020-36557

https://www.suse.com/security/cve/CVE-2020-36558

https://www.suse.com/security/cve/CVE-2021-33655

https://www.suse.com/security/cve/CVE-2021-33656

https://www.suse.com/security/cve/CVE-2022-1116

https://www.suse.com/security/cve/CVE-2022-1462

https://www.suse.com/security/cve/CVE-2022-20166

https://www.suse.com/security/cve/CVE-2022-21505

https://www.suse.com/security/cve/CVE-2022-2318

https://www.suse.com/security/cve/CVE-2022-26365

https://www.suse.com/security/cve/CVE-2022-2639

https://www.suse.com/security/cve/CVE-2022-29581

https://www.suse.com/security/cve/CVE-2022-33740

https://www.suse.com/security/cve/CVE-2022-33741

https://www.suse.com/security/cve/CVE-2022-33742

https://www.suse.com/security/cve/CVE-2022-36946

http://www.nessus.org/u?3acdf8ed

Plugin Details

Severity: High

ID: 164448

File Name: suse_SU-2022-2892-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 8/26/2022

Updated: 7/14/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-29581

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt, p-cpe:/a:novell:suse_linux:dlm-kmp-rt

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/25/2022

Vulnerability Publication Date: 2/26/2022

Reference Information

CVE: CVE-2020-36516, CVE-2020-36557, CVE-2020-36558, CVE-2021-33655, CVE-2021-33656, CVE-2022-1116, CVE-2022-1462, CVE-2022-20166, CVE-2022-21505, CVE-2022-2318, CVE-2022-26365, CVE-2022-2639, CVE-2022-29581, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-36946

SuSE: SUSE-SU-2022:2892-1