Detections
Analytics

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3450-1)

high Nessus Plugin ID 165564

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3450-1 advisory.

 - The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. (CVE-2016-3695)

 - A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). (CVE-2020-27784)

 - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)

 - A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. (CVE-2021-4155)

 - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)

 - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)

 - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
 A-182388481References: Upstream kernel (CVE-2022-20166)

 - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)

 - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
 A-223375145References: Upstream kernel (CVE-2022-20369)

 - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)

 - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)

 - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)

 - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)

 - An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. (CVE-2022-2905)

 - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)

 - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)

 - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)

 - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)

 - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)

 - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1023051

https://bugzilla.suse.com/1180153

https://bugzilla.suse.com/1188944

https://bugzilla.suse.com/1191881

https://bugzilla.suse.com/1192968

https://bugzilla.suse.com/1194272

https://bugzilla.suse.com/1194535

https://bugzilla.suse.com/1196616

https://bugzilla.suse.com/1197158

https://bugzilla.suse.com/1199482

https://bugzilla.suse.com/1199665

https://bugzilla.suse.com/1201726

https://bugzilla.suse.com/1201948

https://bugzilla.suse.com/1202096

https://bugzilla.suse.com/1202097

https://bugzilla.suse.com/1202154

https://bugzilla.suse.com/1202346

https://bugzilla.suse.com/1202347

https://bugzilla.suse.com/1202393

https://bugzilla.suse.com/1202396

https://bugzilla.suse.com/1202564

https://bugzilla.suse.com/1202672

https://bugzilla.suse.com/1202860

https://bugzilla.suse.com/1202895

https://bugzilla.suse.com/1202898

https://bugzilla.suse.com/1203098

https://bugzilla.suse.com/1203107

https://bugzilla.suse.com/1203159

https://www.suse.com/security/cve/CVE-2016-3695

https://www.suse.com/security/cve/CVE-2020-27784

https://www.suse.com/security/cve/CVE-2020-36516

https://www.suse.com/security/cve/CVE-2021-4155

https://www.suse.com/security/cve/CVE-2021-4203

https://www.suse.com/security/cve/CVE-2022-1012

https://www.suse.com/security/cve/CVE-2022-20166

https://www.suse.com/security/cve/CVE-2022-20368

https://www.suse.com/security/cve/CVE-2022-20369

https://www.suse.com/security/cve/CVE-2022-2588

https://www.suse.com/security/cve/CVE-2022-26373

https://www.suse.com/security/cve/CVE-2022-2639

https://www.suse.com/security/cve/CVE-2022-2663

https://www.suse.com/security/cve/CVE-2022-2905

https://www.suse.com/security/cve/CVE-2022-29581

https://www.suse.com/security/cve/CVE-2022-2977

https://www.suse.com/security/cve/CVE-2022-3028

https://www.suse.com/security/cve/CVE-2022-32250

https://www.suse.com/security/cve/CVE-2022-36879

https://www.suse.com/security/cve/CVE-2022-39188

http://www.nessus.org/u?c7e241dd

Plugin Details

Severity: High

ID: 165564

File Name: suse_SU-2022-3450-1.nasl

Version: 1.8

Type: local

Agent: unix

Published: 9/29/2022

Updated: 7/14/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-32250

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-1012

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_129-default, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/28/2022

Vulnerability Publication Date: 12/29/2017

Exploitable With

Core Impact

Reference Information

CVE: CVE-2016-3695, CVE-2020-27784, CVE-2020-36516, CVE-2021-4155, CVE-2021-4203, CVE-2022-1012, CVE-2022-20166, CVE-2022-20368, CVE-2022-20369, CVE-2022-2588, CVE-2022-26373, CVE-2022-2639, CVE-2022-2663, CVE-2022-2905, CVE-2022-29581, CVE-2022-2977, CVE-2022-3028, CVE-2022-32250, CVE-2022-36879, CVE-2022-39188

SuSE: SUSE-SU-2022:3450-1