SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:1992-1)

high Nessus Plugin ID 174778

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1992-1 advisory.

- Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (CVE-2017-5753)

- A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4744)

- A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)

- Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker can use this vulnerability to elevate their privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. (CVE-2023-1281)

- A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. (CVE-2023-1513)

- A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. (CVE-2023-1582)

- A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel. This flaw allows an attacker to crash the system and possibly cause a kernel information leak. (CVE-2023-1611)

- A flaw was found in the Linux kernel's x86 CPU power management options functionality, in the way a user resumes the CPU from suspend-to-RAM: the boot CPU could be vulnerable to speculative execution attacks. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU, similar to other speculative execution attacks. (CVE-2023-1637)

- A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. (CVE-2023-1652)

- A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. (CVE-2023-1838)

- In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer). (CVE-2023-23001)

- A NULL pointer dereference flaw was found in the UNIX protocol in unix_diag_get_exact in net/unix/diag.c in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. (CVE-2023-28327)

- hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. (CVE-2023-28464)

- do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1109158

https://bugzilla.suse.com/1189998

https://bugzilla.suse.com/1193629

https://bugzilla.suse.com/1194869

https://bugzilla.suse.com/1198400

https://bugzilla.suse.com/1203200

https://bugzilla.suse.com/1206552

https://bugzilla.suse.com/1207168

https://bugzilla.suse.com/1207185

https://bugzilla.suse.com/1207574

https://bugzilla.suse.com/1208602

https://bugzilla.suse.com/1208815

https://bugzilla.suse.com/1208829

https://bugzilla.suse.com/1208902

https://bugzilla.suse.com/1209052

https://bugzilla.suse.com/1209118

https://bugzilla.suse.com/1209256

https://bugzilla.suse.com/1209290

https://bugzilla.suse.com/1209292

https://bugzilla.suse.com/1209366

https://bugzilla.suse.com/1209532

https://bugzilla.suse.com/1209547

https://bugzilla.suse.com/1209556

https://bugzilla.suse.com/1209572

https://bugzilla.suse.com/1209600

https://bugzilla.suse.com/1209634

https://bugzilla.suse.com/1209635

https://bugzilla.suse.com/1209636

https://bugzilla.suse.com/1209681

https://bugzilla.suse.com/1209684

https://bugzilla.suse.com/1209687

https://bugzilla.suse.com/1209779

https://bugzilla.suse.com/1209788

https://bugzilla.suse.com/1209798

https://bugzilla.suse.com/1209799

https://bugzilla.suse.com/1209804

https://bugzilla.suse.com/1209805

https://bugzilla.suse.com/1210050

https://bugzilla.suse.com/1210203

https://lists.suse.com/pipermail/sle-updates/2023-April/028974.html

https://www.suse.com/security/cve/CVE-2017-5753

https://www.suse.com/security/cve/CVE-2022-4744

https://www.suse.com/security/cve/CVE-2023-0394

https://www.suse.com/security/cve/CVE-2023-1281

https://www.suse.com/security/cve/CVE-2023-1513

https://www.suse.com/security/cve/CVE-2023-1582

https://www.suse.com/security/cve/CVE-2023-1611

https://www.suse.com/security/cve/CVE-2023-1637

https://www.suse.com/security/cve/CVE-2023-1652

https://www.suse.com/security/cve/CVE-2023-1838

https://www.suse.com/security/cve/CVE-2023-23001

https://www.suse.com/security/cve/CVE-2023-28327

https://www.suse.com/security/cve/CVE-2023-28464

https://www.suse.com/security/cve/CVE-2023-28466

Plugin Details

Severity: High

ID: 174778

File Name: suse_SU-2023-1992-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 4/26/2023

Updated: 7/13/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2017-5753

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2023-28464

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_15_23-rt, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/25/2023

Vulnerability Publication Date: 1/3/2018

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2017-5753, CVE-2022-4744, CVE-2023-0394, CVE-2023-1281, CVE-2023-1513, CVE-2023-1582, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1838, CVE-2023-23001, CVE-2023-28327, CVE-2023-28464, CVE-2023-28466

SuSE: SUSE-SU-2023:1992-1