SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:2809-1)

high Nessus Plugin ID 178179

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2809-1 advisory.

- The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.
Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)

- A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.
L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a (CVE-2022-2196)

- A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
The identifier of this vulnerability is VDB-211020. (CVE-2022-3523)

- An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). (CVE-2022-36280)

- A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
(CVE-2022-38096)

- A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action mirred) a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. (CVE-2022-4269)

- An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use- after-free, related to dvb_register_device dynamically allocating fops. (CVE-2022-45884)

- An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. (CVE-2022-45885)

- An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. (CVE-2022-45886)

- An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. (CVE-2022-45887)

- An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
(CVE-2022-45919)

- A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4744)

- The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 (CVE-2023-0045)

- A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4. (CVE-2023-0122)

- A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. (CVE-2023-0179)

- A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. (CVE-2023-0386)

- A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)

- There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c (CVE-2023-0461)

- A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.
(CVE-2023-0469)

- A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (net: sched: fix race condition in qdisc_graft()) not applied yet, then kernel could be affected. (CVE-2023-0590)

- A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. (CVE-2023-0597)

- A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready. (CVE-2023-1075)

- A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. (CVE-2023-1076)

- In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. (CVE-2023-1077)

- A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption. (CVE-2023-1078)

- A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.
(CVE-2023-1079)

- In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list
-- the list head is all zeroes, this results in a NULL pointer dereference. (CVE-2023-1095)

- A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2023-1118)

- A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 (coredump: Use the vma snapshot in fill_files_note) not applied yet, then kernel could be affected. (CVE-2023-1249)

- A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. (CVE-2023-1382)

- A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. (CVE-2023-1513)

- A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel.
This issue may allow a local attacker with user privilege to cause a denial of service. (CVE-2023-1582)

- A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub- component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash. (CVE-2023-1583)

- A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea (CVE-2023-1611)

- A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks. (CVE-2023-1637)

- A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. (CVE-2023-1652)

- A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
(CVE-2023-1670)

- A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. (CVE-2023-1838)

- A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.
(CVE-2023-1855)

- A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. (CVE-2023-1989)

- The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection.
However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. (CVE-2023-1998)

- A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. (CVE-2023-2002)

- In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel (CVE-2023-21102)

- In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-265016072References: Upstream kernel (CVE-2023-21106)

- An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-2124)

- A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol.
This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. (CVE-2023-2156)

- A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
(CVE-2023-2162)

- A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. (CVE-2023-2176)

- A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. (CVE-2023-2235)

- A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub- component. (CVE-2023-2269)

- In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). (CVE-2023-22998)

- In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. (CVE-2023-23000)

- In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer). (CVE-2023-23001)

- In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). (CVE-2023-23004)

- In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). (CVE-2023-23006)

- cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)

- atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23455)

- The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. (CVE-2023-25012)

- A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. (CVE-2023-2513)

- In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)

- A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. (CVE-2023-28327)

- Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-28410)

- hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. (CVE-2023-28464)

- do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)

- In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
(CVE-2023-28866)

- A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim's hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible. (CVE-2023-3006)

- An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. (CVE-2023-30456)

- The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
(CVE-2023-30772)

- An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process. (CVE-2023-31084)

- A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. (CVE-2023-3141)

- qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. (CVE-2023-31436)

- A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. (CVE-2023-3161)

- An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference. (CVE-2023-3220)

- In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233)

- An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition. (CVE-2023-33288)

- A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. (CVE-2023-3357)

- A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. (CVE-2023-3358)

- An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7.
It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets.
This may result in denial of service or privilege escalation. (CVE-2023-35788)

- An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. (CVE-2023-35823)

- An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. (CVE-2023-35828)

- An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. (CVE-2023-35829)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1109158

https://bugzilla.suse.com/1142685

https://bugzilla.suse.com/1152472

https://bugzilla.suse.com/1152489

https://bugzilla.suse.com/1155798

https://bugzilla.suse.com/1160435

https://bugzilla.suse.com/1166486

https://bugzilla.suse.com/1172073

https://bugzilla.suse.com/1174777

https://bugzilla.suse.com/1177529

https://bugzilla.suse.com/1185861

https://bugzilla.suse.com/1186449

https://bugzilla.suse.com/1189998

https://bugzilla.suse.com/1189999

https://bugzilla.suse.com/1191731

https://bugzilla.suse.com/1193629

https://bugzilla.suse.com/1194869

https://bugzilla.suse.com/1195175

https://bugzilla.suse.com/1195655

https://bugzilla.suse.com/1195921

https://bugzilla.suse.com/1196058

https://bugzilla.suse.com/1197534

https://bugzilla.suse.com/1197617

https://bugzilla.suse.com/1198101

https://bugzilla.suse.com/1198400

https://bugzilla.suse.com/1198438

https://bugzilla.suse.com/1198835

https://bugzilla.suse.com/1199304

https://bugzilla.suse.com/1199701

https://bugzilla.suse.com/1200054

https://bugzilla.suse.com/1202353

https://bugzilla.suse.com/1202633

https://bugzilla.suse.com/1203039

https://bugzilla.suse.com/1203200

https://bugzilla.suse.com/1203325

https://bugzilla.suse.com/1203331

https://bugzilla.suse.com/1203332

https://bugzilla.suse.com/1203693

https://bugzilla.suse.com/1203906

https://bugzilla.suse.com/1204356

https://bugzilla.suse.com/1204363

https://bugzilla.suse.com/1204662

https://bugzilla.suse.com/1204993

https://bugzilla.suse.com/1205153

https://bugzilla.suse.com/1205191

https://bugzilla.suse.com/1205205

https://bugzilla.suse.com/1205544

https://bugzilla.suse.com/1205650

https://bugzilla.suse.com/1205756

https://bugzilla.suse.com/1205758

https://bugzilla.suse.com/1205760

https://bugzilla.suse.com/1205762

https://bugzilla.suse.com/1205803

https://bugzilla.suse.com/1205846

https://bugzilla.suse.com/1206024

https://bugzilla.suse.com/1206036

https://bugzilla.suse.com/1206056

https://bugzilla.suse.com/1206057

https://bugzilla.suse.com/1206103

https://bugzilla.suse.com/1206224

https://bugzilla.suse.com/1206232

https://bugzilla.suse.com/1206340

https://bugzilla.suse.com/1206459

https://bugzilla.suse.com/1206492

https://bugzilla.suse.com/1206493

https://bugzilla.suse.com/1206578

https://bugzilla.suse.com/1206640

https://bugzilla.suse.com/1206649

https://bugzilla.suse.com/1206824

https://bugzilla.suse.com/1206843

https://bugzilla.suse.com/1206876

https://bugzilla.suse.com/1206877

https://bugzilla.suse.com/1206878

https://bugzilla.suse.com/1210336

https://bugzilla.suse.com/1210337

https://bugzilla.suse.com/1210409

https://bugzilla.suse.com/1210439

https://bugzilla.suse.com/1210449

https://bugzilla.suse.com/1210450

https://bugzilla.suse.com/1210453

https://bugzilla.suse.com/1210454

https://bugzilla.suse.com/1210469

https://bugzilla.suse.com/1210498

https://bugzilla.suse.com/1210506

https://bugzilla.suse.com/1210533

https://bugzilla.suse.com/1210551

https://bugzilla.suse.com/1210629

https://bugzilla.suse.com/1210644

https://bugzilla.suse.com/1210647

https://bugzilla.suse.com/1210725

https://bugzilla.suse.com/1210741

https://bugzilla.suse.com/1210762

https://bugzilla.suse.com/1210763

https://bugzilla.suse.com/1210764

https://bugzilla.suse.com/1210765

https://bugzilla.suse.com/1210766

https://bugzilla.suse.com/1210767

https://bugzilla.suse.com/1210768

https://bugzilla.suse.com/1210769

https://bugzilla.suse.com/1210770

https://bugzilla.suse.com/1210771

https://bugzilla.suse.com/1210775

https://bugzilla.suse.com/1210783

https://bugzilla.suse.com/1210791

https://bugzilla.suse.com/1210793

https://bugzilla.suse.com/1210806

https://bugzilla.suse.com/1210816

https://bugzilla.suse.com/1210817

https://bugzilla.suse.com/1210827

https://bugzilla.suse.com/1210940

https://bugzilla.suse.com/1210943

https://bugzilla.suse.com/1210947

https://bugzilla.suse.com/1210953

https://bugzilla.suse.com/1210986

https://bugzilla.suse.com/1211025

https://bugzilla.suse.com/1211037

https://bugzilla.suse.com/1211043

https://bugzilla.suse.com/1211044

https://bugzilla.suse.com/1211089

https://bugzilla.suse.com/1211105

https://bugzilla.suse.com/1211113

https://bugzilla.suse.com/1211131

https://bugzilla.suse.com/1211205

https://bugzilla.suse.com/1211263

https://bugzilla.suse.com/1211280

https://bugzilla.suse.com/1211281

https://bugzilla.suse.com/1211299

https://bugzilla.suse.com/1211346

https://bugzilla.suse.com/1211387

https://bugzilla.suse.com/1211400

https://bugzilla.suse.com/1211410

https://bugzilla.suse.com/1211414

https://bugzilla.suse.com/1211449

https://bugzilla.suse.com/1211465

https://bugzilla.suse.com/1211519

https://bugzilla.suse.com/1211564

https://bugzilla.suse.com/1211590

https://bugzilla.suse.com/1211592

https://bugzilla.suse.com/1211593

https://bugzilla.suse.com/1211595

https://bugzilla.suse.com/1211654

https://bugzilla.suse.com/1211686

https://bugzilla.suse.com/1211687

https://bugzilla.suse.com/1211688

https://bugzilla.suse.com/1211689

https://bugzilla.suse.com/1211690

https://bugzilla.suse.com/1211691

https://bugzilla.suse.com/1211692

https://bugzilla.suse.com/1211693

https://bugzilla.suse.com/1211714

https://bugzilla.suse.com/1211794

https://bugzilla.suse.com/1211796

https://bugzilla.suse.com/1211804

https://bugzilla.suse.com/1211807

https://bugzilla.suse.com/1211808

https://bugzilla.suse.com/1211820

https://bugzilla.suse.com/1211836

https://bugzilla.suse.com/1211847

https://bugzilla.suse.com/1211852

https://bugzilla.suse.com/1211855

https://bugzilla.suse.com/1211960

https://bugzilla.suse.com/1212129

https://bugzilla.suse.com/1212154

https://bugzilla.suse.com/1212155

https://bugzilla.suse.com/1212158

https://bugzilla.suse.com/1212350

https://bugzilla.suse.com/1212405

https://bugzilla.suse.com/1212445

https://bugzilla.suse.com/1212448

https://bugzilla.suse.com/1212494

https://bugzilla.suse.com/1212495

https://bugzilla.suse.com/1212504

https://bugzilla.suse.com/1212513

https://bugzilla.suse.com/1212540

https://bugzilla.suse.com/1212556

https://bugzilla.suse.com/1212561

https://bugzilla.suse.com/1212563

https://bugzilla.suse.com/1212564

https://bugzilla.suse.com/1212584

https://bugzilla.suse.com/1212592

https://bugzilla.suse.com/1212605

https://bugzilla.suse.com/1212606

https://bugzilla.suse.com/1212619

https://bugzilla.suse.com/1212701

https://bugzilla.suse.com/1212741

https://lists.suse.com/pipermail/sle-updates/2023-July/030270.html

https://www.suse.com/security/cve/CVE-2020-24588

https://www.suse.com/security/cve/CVE-2022-2196

https://www.suse.com/security/cve/CVE-2022-3523

https://www.suse.com/security/cve/CVE-2022-36280

https://www.suse.com/security/cve/CVE-2022-38096

https://www.suse.com/security/cve/CVE-2022-4269

https://www.suse.com/security/cve/CVE-2022-45884

https://www.suse.com/security/cve/CVE-2022-45885

https://www.suse.com/security/cve/CVE-2022-45886

https://www.suse.com/security/cve/CVE-2022-45887

https://www.suse.com/security/cve/CVE-2022-45919

https://www.suse.com/security/cve/CVE-2022-4744

https://www.suse.com/security/cve/CVE-2023-0045

https://www.suse.com/security/cve/CVE-2023-0122

https://www.suse.com/security/cve/CVE-2023-0179

https://www.suse.com/security/cve/CVE-2023-0386

https://www.suse.com/security/cve/CVE-2023-0394

https://www.suse.com/security/cve/CVE-2023-0461

https://www.suse.com/security/cve/CVE-2023-0469

https://www.suse.com/security/cve/CVE-2023-0590

https://www.suse.com/security/cve/CVE-2023-0597

https://www.suse.com/security/cve/CVE-2023-1075

https://www.suse.com/security/cve/CVE-2023-1076

https://www.suse.com/security/cve/CVE-2023-1077

https://www.suse.com/security/cve/CVE-2023-1078

https://www.suse.com/security/cve/CVE-2023-1079

https://www.suse.com/security/cve/CVE-2023-1095

https://www.suse.com/security/cve/CVE-2023-1118

https://www.suse.com/security/cve/CVE-2023-1249

https://www.suse.com/security/cve/CVE-2023-1382

https://www.suse.com/security/cve/CVE-2023-1513

https://www.suse.com/security/cve/CVE-2023-1582

https://www.suse.com/security/cve/CVE-2023-1583

https://www.suse.com/security/cve/CVE-2023-1611

https://www.suse.com/security/cve/CVE-2023-1637

https://www.suse.com/security/cve/CVE-2023-1652

https://www.suse.com/security/cve/CVE-2023-1670

https://www.suse.com/security/cve/CVE-2023-1838

https://www.suse.com/security/cve/CVE-2023-1855

https://www.suse.com/security/cve/CVE-2023-1989

https://www.suse.com/security/cve/CVE-2023-1998

https://www.suse.com/security/cve/CVE-2023-2002

https://www.suse.com/security/cve/CVE-2023-21102

https://www.suse.com/security/cve/CVE-2023-21106

https://www.suse.com/security/cve/CVE-2023-2124

https://www.suse.com/security/cve/CVE-2023-2156

https://www.suse.com/security/cve/CVE-2023-2162

https://www.suse.com/security/cve/CVE-2023-2176

https://www.suse.com/security/cve/CVE-2023-2235

https://www.suse.com/security/cve/CVE-2023-2269

https://www.suse.com/security/cve/CVE-2023-22998

https://www.suse.com/security/cve/CVE-2023-23000

https://www.suse.com/security/cve/CVE-2023-23001

https://www.suse.com/security/cve/CVE-2023-23004

https://www.suse.com/security/cve/CVE-2023-23006

https://www.suse.com/security/cve/CVE-2023-23454

https://www.suse.com/security/cve/CVE-2023-23455

https://www.suse.com/security/cve/CVE-2023-2483

https://www.suse.com/security/cve/CVE-2023-25012

https://www.suse.com/security/cve/CVE-2023-2513

https://www.suse.com/security/cve/CVE-2023-26545

https://www.suse.com/security/cve/CVE-2023-28327

https://www.suse.com/security/cve/CVE-2023-28410

https://www.suse.com/security/cve/CVE-2023-28464

https://www.suse.com/security/cve/CVE-2023-28466

https://www.suse.com/security/cve/CVE-2023-28866

https://www.suse.com/security/cve/CVE-2023-3006

https://www.suse.com/security/cve/CVE-2023-30456

https://www.suse.com/security/cve/CVE-2023-30772

https://www.suse.com/security/cve/CVE-2023-31084

https://www.suse.com/security/cve/CVE-2023-3141

https://www.suse.com/security/cve/CVE-2023-31436

https://www.suse.com/security/cve/CVE-2023-3161

https://www.suse.com/security/cve/CVE-2023-3220

https://www.suse.com/security/cve/CVE-2023-32233

https://www.suse.com/security/cve/CVE-2023-33288

https://www.suse.com/security/cve/CVE-2023-3357

https://www.suse.com/security/cve/CVE-2023-3358

https://www.suse.com/security/cve/CVE-2023-33951

https://www.suse.com/security/cve/CVE-2023-33952

https://www.suse.com/security/cve/CVE-2023-35788

https://www.suse.com/security/cve/CVE-2023-35823

https://www.suse.com/security/cve/CVE-2023-35828

https://www.suse.com/security/cve/CVE-2023-35829

https://bugzilla.suse.com/1206880

https://bugzilla.suse.com/1206881

https://bugzilla.suse.com/1206882

https://bugzilla.suse.com/1206883

https://bugzilla.suse.com/1206884

https://bugzilla.suse.com/1206885

https://bugzilla.suse.com/1206886

https://bugzilla.suse.com/1206887

https://bugzilla.suse.com/1206888

https://bugzilla.suse.com/1206889

https://bugzilla.suse.com/1206890

https://bugzilla.suse.com/1206891

https://bugzilla.suse.com/1206893

https://bugzilla.suse.com/1206894

https://bugzilla.suse.com/1206935

https://bugzilla.suse.com/1206992

https://bugzilla.suse.com/1207034

https://bugzilla.suse.com/1207036

https://bugzilla.suse.com/1207050

https://bugzilla.suse.com/1207051

https://bugzilla.suse.com/1207088

https://bugzilla.suse.com/1207125

https://bugzilla.suse.com/1207149

https://bugzilla.suse.com/1207158

https://bugzilla.suse.com/1207168

https://bugzilla.suse.com/1207185

https://bugzilla.suse.com/1207270

https://bugzilla.suse.com/1207315

https://bugzilla.suse.com/1207328

https://bugzilla.suse.com/1207497

https://bugzilla.suse.com/1207500

https://bugzilla.suse.com/1207501

https://bugzilla.suse.com/1207506

https://bugzilla.suse.com/1207507

https://bugzilla.suse.com/1207521

https://bugzilla.suse.com/1207553

https://bugzilla.suse.com/1207560

https://bugzilla.suse.com/1207574

https://bugzilla.suse.com/1207588

https://bugzilla.suse.com/1207589

https://bugzilla.suse.com/1207590

https://bugzilla.suse.com/1207591

https://bugzilla.suse.com/1207592

https://bugzilla.suse.com/1207593

https://bugzilla.suse.com/1207594

https://bugzilla.suse.com/1207602

https://bugzilla.suse.com/1207603

https://bugzilla.suse.com/1207605

https://bugzilla.suse.com/1207606

https://bugzilla.suse.com/1207607

https://bugzilla.suse.com/1207608

https://bugzilla.suse.com/1207609

https://bugzilla.suse.com/1207610

https://bugzilla.suse.com/1207611

https://bugzilla.suse.com/1207612

https://bugzilla.suse.com/1207613

https://bugzilla.suse.com/1207614

https://bugzilla.suse.com/1207615

https://bugzilla.suse.com/1207616

https://bugzilla.suse.com/1207617

https://bugzilla.suse.com/1207618

https://bugzilla.suse.com/1207619

https://bugzilla.suse.com/1207620

https://bugzilla.suse.com/1207621

https://bugzilla.suse.com/1207622

https://bugzilla.suse.com/1207623

https://bugzilla.suse.com/1207624

https://bugzilla.suse.com/1207625

https://bugzilla.suse.com/1207626

https://bugzilla.suse.com/1207627

https://bugzilla.suse.com/1207628

https://bugzilla.suse.com/1207629

https://bugzilla.suse.com/1207630

https://bugzilla.suse.com/1207631

https://bugzilla.suse.com/1207632

https://bugzilla.suse.com/1207633

https://bugzilla.suse.com/1207634

https://bugzilla.suse.com/1207635

https://bugzilla.suse.com/1207636

https://bugzilla.suse.com/1207637

https://bugzilla.suse.com/1207638

https://bugzilla.suse.com/1207639

https://bugzilla.suse.com/1207640

https://bugzilla.suse.com/1207641

https://bugzilla.suse.com/1207642

https://bugzilla.suse.com/1207643

https://bugzilla.suse.com/1207644

https://bugzilla.suse.com/1207645

https://bugzilla.suse.com/1207646

https://bugzilla.suse.com/1207647

https://bugzilla.suse.com/1207648

https://bugzilla.suse.com/1207649

https://bugzilla.suse.com/1207650

https://bugzilla.suse.com/1207651

https://bugzilla.suse.com/1207652

https://bugzilla.suse.com/1207653

https://bugzilla.suse.com/1207734

https://bugzilla.suse.com/1207768

https://bugzilla.suse.com/1207769

https://bugzilla.suse.com/1207770

https://bugzilla.suse.com/1207771

https://bugzilla.suse.com/1207773

https://bugzilla.suse.com/1207795

https://bugzilla.suse.com/1207827

https://bugzilla.suse.com/1207842

https://bugzilla.suse.com/1207845

https://bugzilla.suse.com/1207875

https://bugzilla.suse.com/1207878

https://bugzilla.suse.com/1207933

https://bugzilla.suse.com/1207935

https://bugzilla.suse.com/1207948

https://bugzilla.suse.com/1208050

https://bugzilla.suse.com/1208076

https://bugzilla.suse.com/1208081

https://bugzilla.suse.com/1208105

https://bugzilla.suse.com/1208107

https://bugzilla.suse.com/1208128

https://bugzilla.suse.com/1208130

https://bugzilla.suse.com/1208149

https://bugzilla.suse.com/1208153

https://bugzilla.suse.com/1208183

https://bugzilla.suse.com/1208212

https://bugzilla.suse.com/1208219

https://bugzilla.suse.com/1208290

https://bugzilla.suse.com/1208368

https://bugzilla.suse.com/1208410

https://bugzilla.suse.com/1208420

https://bugzilla.suse.com/1208428

https://bugzilla.suse.com/1208429

https://bugzilla.suse.com/1208449

https://bugzilla.suse.com/1208534

https://bugzilla.suse.com/1208541

https://bugzilla.suse.com/1208542

https://bugzilla.suse.com/1208570

https://bugzilla.suse.com/1208588

https://bugzilla.suse.com/1208598

https://bugzilla.suse.com/1208599

https://bugzilla.suse.com/1208600

https://bugzilla.suse.com/1208601

https://bugzilla.suse.com/1208602

https://bugzilla.suse.com/1208604

https://bugzilla.suse.com/1208605

https://bugzilla.suse.com/1208607

https://bugzilla.suse.com/1208619

https://bugzilla.suse.com/1208628

https://bugzilla.suse.com/1208700

https://bugzilla.suse.com/1208741

https://bugzilla.suse.com/1208758

https://bugzilla.suse.com/1208759

https://bugzilla.suse.com/1208776

https://bugzilla.suse.com/1208777

https://bugzilla.suse.com/1208784

https://bugzilla.suse.com/1208787

https://bugzilla.suse.com/1208815

https://bugzilla.suse.com/1208816

https://bugzilla.suse.com/1208829

https://bugzilla.suse.com/1208837

https://bugzilla.suse.com/1208843

https://bugzilla.suse.com/1208845

https://bugzilla.suse.com/1208848

https://bugzilla.suse.com/1208864

https://bugzilla.suse.com/1208902

https://bugzilla.suse.com/1208948

https://bugzilla.suse.com/1208976

https://bugzilla.suse.com/1209008

https://bugzilla.suse.com/1209039

https://bugzilla.suse.com/1209052

https://bugzilla.suse.com/1209092

https://bugzilla.suse.com/1209159

https://bugzilla.suse.com/1209256

https://bugzilla.suse.com/1209258

https://bugzilla.suse.com/1209262

https://bugzilla.suse.com/1209287

https://bugzilla.suse.com/1209288

https://bugzilla.suse.com/1209290

https://bugzilla.suse.com/1209291

https://bugzilla.suse.com/1209292

https://bugzilla.suse.com/1209366

https://bugzilla.suse.com/1209367

https://bugzilla.suse.com/1209436

https://bugzilla.suse.com/1209457

https://bugzilla.suse.com/1209504

https://bugzilla.suse.com/1209532

https://bugzilla.suse.com/1209556

https://bugzilla.suse.com/1209600

https://bugzilla.suse.com/1209615

https://bugzilla.suse.com/1209635

https://bugzilla.suse.com/1209636

https://bugzilla.suse.com/1209637

https://bugzilla.suse.com/1209684

https://bugzilla.suse.com/1209687

https://bugzilla.suse.com/1209693

https://bugzilla.suse.com/1209739

https://bugzilla.suse.com/1209779

https://bugzilla.suse.com/1209780

https://bugzilla.suse.com/1209788

https://bugzilla.suse.com/1209798

https://bugzilla.suse.com/1209799

https://bugzilla.suse.com/1209804

https://bugzilla.suse.com/1209805

https://bugzilla.suse.com/1209856

https://bugzilla.suse.com/1209871

https://bugzilla.suse.com/1209927

https://bugzilla.suse.com/1209980

https://bugzilla.suse.com/1209982

https://bugzilla.suse.com/1209999

https://bugzilla.suse.com/1210034

https://bugzilla.suse.com/1210050

https://bugzilla.suse.com/1210158

https://bugzilla.suse.com/1210165

https://bugzilla.suse.com/1210202

https://bugzilla.suse.com/1210203

https://bugzilla.suse.com/1210206

https://bugzilla.suse.com/1210216

https://bugzilla.suse.com/1210230

https://bugzilla.suse.com/1210294

https://bugzilla.suse.com/1210301

https://bugzilla.suse.com/1210329

Plugin Details

Severity: High

ID: 178179

File Name: suse_SU-2023-2809-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 7/12/2023

Updated: 9/27/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Low

Base Score: 2.9

Temporal Score: 2.5

Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2020-24588

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-2196

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150500_13_5-rt, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/11/2023

Vulnerability Publication Date: 5/11/2021

Exploitable With

Core Impact

Metasploit (Local Privilege Escalation via CVE-2023-0386)

Reference Information

CVE: CVE-2020-24588, CVE-2022-2196, CVE-2022-3523, CVE-2022-36280, CVE-2022-38096, CVE-2022-4269, CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887, CVE-2022-45919, CVE-2022-4744, CVE-2023-0045, CVE-2023-0122, CVE-2023-0179, CVE-2023-0386, CVE-2023-0394, CVE-2023-0461, CVE-2023-0469, CVE-2023-0590, CVE-2023-0597, CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078, CVE-2023-1079, CVE-2023-1095, CVE-2023-1118, CVE-2023-1249, CVE-2023-1382, CVE-2023-1513, CVE-2023-1582, CVE-2023-1583, CVE-2023-1611, CVE-2023-1637, CVE-2023-1652, CVE-2023-1670, CVE-2023-1838, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2002, CVE-2023-21102, CVE-2023-21106, CVE-2023-2124, CVE-2023-2156, CVE-2023-2162, CVE-2023-2176, CVE-2023-2235, CVE-2023-2269, CVE-2023-22998, CVE-2023-23000, CVE-2023-23001, CVE-2023-23004, CVE-2023-23006, CVE-2023-23454, CVE-2023-23455, CVE-2023-2483, CVE-2023-25012, CVE-2023-2513, CVE-2023-26545, CVE-2023-28327, CVE-2023-28410, CVE-2023-28464, CVE-2023-28466, CVE-2023-28866, CVE-2023-3006, CVE-2023-30456, CVE-2023-30772, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3220, CVE-2023-32233, CVE-2023-33288, CVE-2023-3357, CVE-2023-3358, CVE-2023-33951, CVE-2023-33952, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829

SuSE: SUSE-SU-2023:2809-1