The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0152-1 advisory.

  - Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel     before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the     dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the     dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the     dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the     dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the     dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the     dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the     dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka     CID-055e547478a1. (CVE-2019-19083)

  - An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in     drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array(). (CVE-2022-3105)

  - An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in     drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc(). (CVE-2022-3106)

  - An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in     drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the     null pointer dereference. (CVE-2022-3107)

  - An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in     drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). (CVE-2022-3108)

  - An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in     drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in     wm8350_init_charger(). (CVE-2022-3111)

  - An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in     drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will     cause the null pointer dereference. (CVE-2022-3112)

  - An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in     drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null     pointer dereference. (CVE-2022-3115)

  - A vulnerability classified as problematic has been found in Linux Kernel. This affects the function     fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to     out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to     fix this issue. The identifier VDB-210357 was assigned to this vulnerability. (CVE-2022-3435)

  - A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the     function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The     manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated     identifier of this vulnerability is VDB-211087. (CVE-2022-3564)

  - Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC     interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It     appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol     headers are all contained within the linear section of the SKB and some NICs behave badly if this is not     the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x)     though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with     split headers, netback will forward those violating above mentioned assumption to the networking core,     resulting in said misbehavior. (CVE-2022-3643)

  - Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs;
    the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced     another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the     XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock     could occur in case of netpoll being active for the interface the xen-netback driver is connected to     (CVE-2022-42329). (CVE-2022-42328, CVE-2022-42329)

  - A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches     usb device. A local user could use this flaw to crash the system. (CVE-2022-4662)

  - An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in     drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds     read when parsing a Robust Security Network (RSN) information element from a Netlink packet.
    (CVE-2022-47520)

  - In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows     an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control     configuration that is set up with tc qdisc and tc class commands. This affects qdisc_graft in     net/sched/sch_api.c. (CVE-2022-47929)

  - A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.
    SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result     in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit     56b88b50565cd8b946a2d00b0c83927b7ebb055e (CVE-2023-0266)

  - cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial     of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes     indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)

  - atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial     of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition     rather than valid classification results). (CVE-2023-23455)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:0152-1)

high Nessus Plugin ID 170678

Version 1.4

Version 1.3

Version 1.3

Version 1.2

Version 1.1

Version 1.1

Version 1.0

Version 1.4 Jul 14, 2023, 7:08 AM CVSS metrics ("CVSSv3 score" changed from 10.0 to 7.8. "CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") Detection Plugin metadata Plugin Feed: 202307140708
Version 1.3 Jul 12, 2023, 5:37 PM Detection Plugin Feed: 202307121737
Version 1.3 Jul 14, 2023, 5:13 AM CVSS metrics ("CVSSv3 score" changed from 10.0 to 7.8) CVSS metrics ("CVSSv3 vector" changed from "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") Detection Plugin metadata Plugin Feed: 202307140513
Version 1.2 Mar 30, 2023, 10:08 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202303302208
Version 1.1 Mar 7, 2023, 4:04 PM Regenerated based on advisory update Plugin Feed: 202303071604
Version 1.1 Mar 7, 2023, 10:48 PM Logic Changes (Added support for additional SUSE Platforms) Plugin Feed: 202303072248
Version 1.0 Jan 27, 2023, 12:13 AM New Plugin Feed: 202301270013