The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2782-1 advisory.

  - A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking     configuration (redirecting egress packets to ingress using TC action mirred) a local unprivileged user     could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a     retransmission, resulting in a denial of service condition. (CVE-2022-4269)

  - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-     after-free, related to dvb_register_device dynamically allocating fops. (CVE-2022-45884)

  - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a     race condition that can cause a use-after-free when a device is disconnected. (CVE-2022-45885)

  - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a     .disconnect versus dvb_device_open race condition that leads to a use-after-free. (CVE-2022-45886)

  - An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a     memory leak because of the lack of a dvb_frontend_detach call. (CVE-2022-45887)

  - An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a     use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
    (CVE-2022-45919)

  - In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON     condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a     type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing     memory corruption. (CVE-2023-1077)

  - A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when     plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to     the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED     controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led     structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.
    (CVE-2023-1079)

  - A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user     to crash the system. Only if patch 390031c94211 (coredump: Use the vma snapshot in fill_files_note) not     applied yet, then kernel could be affected. (CVE-2023-1249)

  - A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in     drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur     when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading     to a denial of service. (CVE-2023-1380)

  - A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This     issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc     protocol in the Linux kernel. (CVE-2023-1382)

  - A vulnerability was found in the HCI sockets implementation due to a missing capability check in     net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of     management commands, compromising the confidentiality, integrity, and availability of Bluetooth     communication. (CVE-2023-2002)

  - In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to     a logic error in the code. This could lead to local escalation of privilege with no additional execution     privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android     kernelAndroid ID: A-260821414References: Upstream kernel (CVE-2023-21102)

  - An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores     an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or     potentially escalate their privileges on the system. (CVE-2023-2124)

  - A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol.
    This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion     failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the     system. (CVE-2023-2156)

  - A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in     SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
    (CVE-2023-2162)

  - A denial of service problem was found, due to a possible recursive locking scenario, resulting in a     deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-     component. (CVE-2023-2269)

  - A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the     extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system     crash or other undefined behaviors. (CVE-2023-2513)

  - Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics     drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable     escalation of privilege via local access. (CVE-2023-28410)

  - A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes     actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code     uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted     branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted     branches can cause cache allocation. This issue leads to obtaining information that should not be     accessible. (CVE-2023-3006)

  - An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64     lacks consistency checks for CR0 and CR4. (CVE-2023-30456)

  - An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a     blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is     called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event,     down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and     down(&fepriv->sem) may block the process. (CVE-2023-31084)

  - A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the     Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading     to a kernel information leak. (CVE-2023-3141)

  - qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write     because lmax can exceed QFQ_MIN_LMAX. (CVE-2023-31436)

  - A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and     font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds     occurs leading to undefined behavior and possible denial of service. (CVE-2023-3161)

  - In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests     can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users     can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233)

  - An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in     drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race     condition. (CVE-2023-33288)

  - An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7.
    It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets.
    This may result in denial of service or privilege escalation. (CVE-2023-35788)

  - An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in     drivers/media/pci/saa7134/saa7134-core.c. (CVE-2023-35823)

  - An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in     renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. (CVE-2023-35828)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:2782-1)

high Nessus Plugin ID 177994

Version 1.3

Version 1.2

Version 1.0

Version 1.3 Mar 5, 2024, 1:15 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202403050115
Version 1.2 Aug 23, 2023, 4:09 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202308231609
Version 1.0 Jul 5, 2023, 8:02 AM New Plugin Feed: 202307050802