SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:2892-1)

high Nessus Plugin ID 178589

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2892-1 advisory.

- A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 (coredump: Use the vma snapshot in fill_files_note) not applied yet, then kernel could be affected. (CVE-2023-1249)

- A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.
We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. (CVE-2023-1829)

- In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
(CVE-2023-28866)

- A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. (CVE-2023-3090)

- A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). (CVE-2023-3111)

- A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
(CVE-2023-3212)

- An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference. (CVE-2023-3220)

- A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. (CVE-2023-3357)

- A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. (CVE-2023-3358)

- A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). (CVE-2023-3389)

- An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7.
It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets.
This may result in denial of service or privilege escalation. (CVE-2023-35788)

- An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. (CVE-2023-35823)

- An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. (CVE-2023-35828)

- An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. (CVE-2023-35829)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1187829

https://bugzilla.suse.com/1189998

https://bugzilla.suse.com/1194869

https://bugzilla.suse.com/1205758

https://bugzilla.suse.com/1208410

https://bugzilla.suse.com/1209039

https://bugzilla.suse.com/1209780

https://bugzilla.suse.com/1210335

https://bugzilla.suse.com/1210565

https://bugzilla.suse.com/1210584

https://bugzilla.suse.com/1210853

https://bugzilla.suse.com/1211014

https://bugzilla.suse.com/1211346

https://bugzilla.suse.com/1211400

https://bugzilla.suse.com/1211410

https://bugzilla.suse.com/1211794

https://bugzilla.suse.com/1211852

https://bugzilla.suse.com/1212051

https://bugzilla.suse.com/1212265

https://bugzilla.suse.com/1212350

https://bugzilla.suse.com/1212405

https://bugzilla.suse.com/1212445

https://bugzilla.suse.com/1212448

https://bugzilla.suse.com/1212456

https://bugzilla.suse.com/1212494

https://bugzilla.suse.com/1212495

https://bugzilla.suse.com/1212504

https://bugzilla.suse.com/1212513

https://bugzilla.suse.com/1212540

https://bugzilla.suse.com/1212556

https://bugzilla.suse.com/1212561

https://bugzilla.suse.com/1212563

https://bugzilla.suse.com/1212564

https://bugzilla.suse.com/1212584

https://bugzilla.suse.com/1212592

https://bugzilla.suse.com/1212603

https://bugzilla.suse.com/1212605

https://bugzilla.suse.com/1212606

https://bugzilla.suse.com/1212619

https://bugzilla.suse.com/1212685

https://bugzilla.suse.com/1212701

https://bugzilla.suse.com/1212741

https://bugzilla.suse.com/1212835

https://bugzilla.suse.com/1212838

https://bugzilla.suse.com/1212842

https://bugzilla.suse.com/1212848

https://bugzilla.suse.com/1212861

https://bugzilla.suse.com/1212869

https://bugzilla.suse.com/1212892

https://bugzilla.suse.com/1212961

https://bugzilla.suse.com/1213010

https://bugzilla.suse.com/1213011

https://bugzilla.suse.com/1213012

https://bugzilla.suse.com/1213013

https://bugzilla.suse.com/1213014

https://bugzilla.suse.com/1213015

https://bugzilla.suse.com/1213016

https://bugzilla.suse.com/1213017

https://bugzilla.suse.com/1213018

https://bugzilla.suse.com/1213019

https://bugzilla.suse.com/1213020

https://bugzilla.suse.com/1213021

https://bugzilla.suse.com/1213024

https://bugzilla.suse.com/1213025

https://bugzilla.suse.com/1213032

https://bugzilla.suse.com/1213034

https://bugzilla.suse.com/1213035

https://bugzilla.suse.com/1213036

https://bugzilla.suse.com/1213037

https://bugzilla.suse.com/1213038

https://bugzilla.suse.com/1213039

https://bugzilla.suse.com/1213040

https://bugzilla.suse.com/1213041

https://bugzilla.suse.com/1213087

https://bugzilla.suse.com/1213088

https://bugzilla.suse.com/1213089

https://bugzilla.suse.com/1213090

https://bugzilla.suse.com/1213092

https://bugzilla.suse.com/1213093

https://bugzilla.suse.com/1213094

https://bugzilla.suse.com/1213095

https://bugzilla.suse.com/1213096

https://bugzilla.suse.com/1213098

https://bugzilla.suse.com/1213099

https://bugzilla.suse.com/1213100

https://bugzilla.suse.com/1213102

https://bugzilla.suse.com/1213103

https://bugzilla.suse.com/1213104

https://bugzilla.suse.com/1213105

https://bugzilla.suse.com/1213106

https://bugzilla.suse.com/1213107

https://bugzilla.suse.com/1213108

https://bugzilla.suse.com/1213109

https://bugzilla.suse.com/1213110

https://bugzilla.suse.com/1213111

https://bugzilla.suse.com/1213112

https://bugzilla.suse.com/1213113

https://bugzilla.suse.com/1213114

https://bugzilla.suse.com/1213116

https://bugzilla.suse.com/1213134

http://www.nessus.org/u?872f5fd7

https://www.suse.com/security/cve/CVE-2023-1249

https://www.suse.com/security/cve/CVE-2023-1829

https://www.suse.com/security/cve/CVE-2023-2430

https://www.suse.com/security/cve/CVE-2023-28866

https://www.suse.com/security/cve/CVE-2023-3090

https://www.suse.com/security/cve/CVE-2023-3111

https://www.suse.com/security/cve/CVE-2023-3212

https://www.suse.com/security/cve/CVE-2023-3220

https://www.suse.com/security/cve/CVE-2023-3357

https://www.suse.com/security/cve/CVE-2023-3358

https://www.suse.com/security/cve/CVE-2023-3389

https://www.suse.com/security/cve/CVE-2023-35788

https://www.suse.com/security/cve/CVE-2023-35823

https://www.suse.com/security/cve/CVE-2023-35828

https://www.suse.com/security/cve/CVE-2023-35829

Plugin Details

Severity: High

ID: 178589

File Name: suse_SU-2023-2892-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 7/20/2023

Updated: 7/20/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-35788

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-azure, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/19/2023

Vulnerability Publication Date: 3/17/2023

Reference Information

CVE: CVE-2023-1249, CVE-2023-1829, CVE-2023-2430, CVE-2023-28866, CVE-2023-3090, CVE-2023-3111, CVE-2023-3212, CVE-2023-3220, CVE-2023-3357, CVE-2023-3358, CVE-2023-3389, CVE-2023-35788, CVE-2023-35823, CVE-2023-35828, CVE-2023-35829

SuSE: SUSE-SU-2023:2892-1