The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0749-1 advisory.

  - A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown     function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after     free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
    The identifier of this vulnerability is VDB-211020. (CVE-2022-3523)

  - A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c     in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a     local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
    (CVE-2022-38096)

  - There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local     privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or     CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a     use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can     install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this     socket is disconnected and reused as a listener. If a new socket is created from the listener, the context     is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend     upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c (CVE-2023-0461)

  - A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was     found in the way user can guess location of exception stack(s) or other important data. A local user could     use this flaw to get access to some important data with expected location in memory. (CVE-2023-0597)

  - A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the     way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate     their privileges on the system. (CVE-2023-1118)

  - In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in     drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. (CVE-2023-22995)

  - In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the     drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually     an error pointer). (CVE-2023-22998)

  - In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return     value. Callers expect NULL in the error case, but an error pointer is used. (CVE-2023-23000)

  - In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return     value (expects it to be NULL in the error case, whereas it is actually an error pointer). (CVE-2023-23004)

  - In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an     integer overflow in an addition. (CVE-2023-23559)

  - The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a     crafted USB device because the LED controllers remain registered for too long. (CVE-2023-25012)

  - In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure     (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES15 Security Update : kernel (SUSE-SU-2023:0749-1)

high Nessus Plugin ID 172654

Version 1.3