SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:3587-1)

high Nessus Plugin ID 166193

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3587-1 advisory.

- In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel (CVE-2022-20008)

- Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 (CVE-2022-2503)

- An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)

- A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)

- A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)

- An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)

- In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)

- drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. (CVE-2022-41848)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1124235

https://bugzilla.suse.com/1129770

https://bugzilla.suse.com/1154048

https://bugzilla.suse.com/1190317

https://bugzilla.suse.com/1199564

https://bugzilla.suse.com/1201309

https://bugzilla.suse.com/1202097

https://bugzilla.suse.com/1202385

https://bugzilla.suse.com/1202677

https://bugzilla.suse.com/1202960

https://bugzilla.suse.com/1203098

https://bugzilla.suse.com/1203107

https://bugzilla.suse.com/1203410

https://bugzilla.suse.com/1203424

https://bugzilla.suse.com/1203462

https://bugzilla.suse.com/1203552

https://bugzilla.suse.com/1203769

https://bugzilla.suse.com/1203935

https://bugzilla.suse.com/1203987

https://www.suse.com/security/cve/CVE-2022-20008

https://www.suse.com/security/cve/CVE-2022-2503

https://www.suse.com/security/cve/CVE-2022-2663

https://www.suse.com/security/cve/CVE-2022-3239

https://www.suse.com/security/cve/CVE-2022-3303

https://www.suse.com/security/cve/CVE-2022-39188

https://www.suse.com/security/cve/CVE-2022-41218

https://www.suse.com/security/cve/CVE-2022-41848

http://www.nessus.org/u?a0e9ef07

Plugin Details

Severity: High

ID: 166193

File Name: suse_SU-2022-3587-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 10/18/2022

Updated: 7/13/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2022-20008

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-3239

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/14/2022

Vulnerability Publication Date: 5/10/2022

Reference Information

CVE: CVE-2022-20008, CVE-2022-2503, CVE-2022-2663, CVE-2022-3239, CVE-2022-3303, CVE-2022-39188, CVE-2022-41218, CVE-2022-41848

SuSE: SUSE-SU-2022:3587-1