The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4545-1 advisory.

  - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability     is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the     component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this     issue. The identifier VDB-211045 was assigned to this vulnerability. (CVE-2022-3545)

  - A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb     enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed)     into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of     service. (CVE-2022-3586)

  - In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused     by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. (CVE-2022-41218)

  - A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain     kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their     privileges on the system. (CVE-2022-4378)

  - The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer     overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send     buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer     to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC     message with garbage data is still correctly formed according to the specification and is passed forward     to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the     allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (CVE-2022-43945)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES12 Security Update : kernel (Live Patch 35 for SLE 12 SP5) (SUSE-SU-2022:4545-1)

high Nessus Plugin ID 168918

Version 1.3