The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3294-1 advisory.

  - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including     v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster     than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the     vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)

  - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the     hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session     or terminate that session. (CVE-2020-36516)

  - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel     (CVE-2022-20368)

  - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input     validation. This could lead to local escalation of privilege with System execution privileges needed. User     interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
    A-223375145References: Upstream kernel (CVE-2022-20369)

  - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the     machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector     (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)

  - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation     (CVE-2022-2588)

  - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow     an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)

  - A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from     the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length     heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary     code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged     code on the target system to exploit this vulnerability. (CVE-2022-2991)

  - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)     when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to     potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read     and copying it into a socket. (CVE-2022-3028)

  - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in     net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)

  - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race     condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale     TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3294-1)

high Nessus Plugin ID 165232

Version 1.9

Version 1.8

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.9 Jan 15, 2024, 2:36 PM CVSSv3 score source (changed from "CVE-2022-20368" to "CVE-2022-2588") Plugin Feed: 202401151436
Version 1.8 Jul 14, 2023, 4:28 PM Exploit attributes ("Exploited by malware" set to "True") Plugin metadata Plugin Feed: 202307141628
Version 1.7 Jul 12, 2023, 5:37 PM Detection Plugin Feed: 202307121737
Version 1.6 Mar 10, 2023, 5:10 PM Logic Changes (Added support for additional SUSE Platforms) Plugin Feed: 202303101710
Version 1.5 Jan 12, 2023, 6:19 PM Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202301121819
Version 1.4 Dec 5, 2022, 10:02 PM Reference Plugin Feed: 202212052202
Version 1.3 Sep 29, 2022, 12:06 AM Exploit attributes CVSS temporal metrics Plugin Feed: 202209290006