Detections
Analytics
SUSE SLES12 Security Update : kernel (SUSE-SU-2023:2804-1)
high Nessus Plugin ID 178117
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2804-1 advisory.- In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. (CVE-2023-1077)
- A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.
(CVE-2023-1079)
- A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 (coredump: Use the vma snapshot in fill_files_note) not applied yet, then kernel could be affected. (CVE-2023-1249)
- A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks. (CVE-2023-1637)
- A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. (CVE-2023-2002)
- A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. (CVE-2023-3090)
- A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). (CVE-2023-3111)
- A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. (CVE-2023-3141)
- A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. (CVE-2023-3159)
- A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. (CVE-2023-3161)
- An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. (CVE-2023-3268)
- A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. (CVE-2023-3358)
- An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. (CVE-2023-35824)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1160435
https://bugzilla.suse.com/1172073
https://bugzilla.suse.com/1174852
https://bugzilla.suse.com/1190317
https://bugzilla.suse.com/1191731
https://bugzilla.suse.com/1199046
https://bugzilla.suse.com/1205758
https://bugzilla.suse.com/1208600
https://bugzilla.suse.com/1208604
https://bugzilla.suse.com/1209039
https://bugzilla.suse.com/1209779
https://bugzilla.suse.com/1210533
https://bugzilla.suse.com/1210791
https://bugzilla.suse.com/1211089
https://bugzilla.suse.com/1211519
https://bugzilla.suse.com/1211796
https://bugzilla.suse.com/1212051
https://bugzilla.suse.com/1212128
https://bugzilla.suse.com/1212129
https://bugzilla.suse.com/1212154
https://bugzilla.suse.com/1212158
https://bugzilla.suse.com/1212164
https://bugzilla.suse.com/1212165
https://bugzilla.suse.com/1212167
https://bugzilla.suse.com/1212170
https://bugzilla.suse.com/1212173
https://bugzilla.suse.com/1212175
https://bugzilla.suse.com/1212185
https://bugzilla.suse.com/1212236
https://bugzilla.suse.com/1212240
https://bugzilla.suse.com/1212244
https://bugzilla.suse.com/1212266
https://bugzilla.suse.com/1212443
https://bugzilla.suse.com/1212501
https://bugzilla.suse.com/1212502
https://bugzilla.suse.com/1212606
https://bugzilla.suse.com/1212701
https://bugzilla.suse.com/1212842
https://bugzilla.suse.com/1212938
https://lists.suse.com/pipermail/sle-updates/2023-July/030267.html
https://www.suse.com/security/cve/CVE-2023-1077
https://www.suse.com/security/cve/CVE-2023-1079
https://www.suse.com/security/cve/CVE-2023-1249
https://www.suse.com/security/cve/CVE-2023-1637
https://www.suse.com/security/cve/CVE-2023-2002
https://www.suse.com/security/cve/CVE-2023-3090
https://www.suse.com/security/cve/CVE-2023-3111
https://www.suse.com/security/cve/CVE-2023-3141
https://www.suse.com/security/cve/CVE-2023-3159
https://www.suse.com/security/cve/CVE-2023-3161
https://www.suse.com/security/cve/CVE-2023-3268
Plugin Details
Severity: High
ID: 178117
File Name: suse_SU-2023-2804-1.nasl
Version: 1.0
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 7/11/2023
Updated: 7/11/2023
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2023-1079
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2023-3111
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, cpe:/o:novell:suse_linux:12
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/10/2023
Vulnerability Publication Date: 3/17/2023
Reference Information
CVE: CVE-2023-1077, CVE-2023-1079, CVE-2023-1249, CVE-2023-1637, CVE-2023-2002, CVE-2023-3090, CVE-2023-3111, CVE-2023-3141, CVE-2023-3159, CVE-2023-3161, CVE-2023-3268, CVE-2023-3358, CVE-2023-35824
SuSE: SUSE-SU-2023:2804-1