SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3182-1)

high Nessus Plugin ID 179350

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3182-1 advisory.

- An issue in Zen 2 CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. (CVE-2023-20593)

- A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. (CVE-2023-2985)

- ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-3390. Reason: This record is a duplicate of CVE-2023-3390. Notes: All CVE users should reference CVE-2023-3390 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. (CVE-2023-3117)

- Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace (CVE-2023-31248)

- A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. (CVE-2023-3390)

- Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace (CVE-2023-35001)

- A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
(CVE-2023-3609)

- An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out- of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. (CVE-2023-3611)

- An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-3812)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1150305

https://bugzilla.suse.com/1193629

https://bugzilla.suse.com/1194869

https://bugzilla.suse.com/1207894

https://bugzilla.suse.com/1208788

https://bugzilla.suse.com/1210565

https://bugzilla.suse.com/1210584

https://bugzilla.suse.com/1210853

https://bugzilla.suse.com/1211243

https://bugzilla.suse.com/1211811

https://bugzilla.suse.com/1211867

https://bugzilla.suse.com/1212301

https://bugzilla.suse.com/1212846

https://bugzilla.suse.com/1212905

https://bugzilla.suse.com/1213010

https://bugzilla.suse.com/1213011

https://bugzilla.suse.com/1213012

https://bugzilla.suse.com/1213013

https://bugzilla.suse.com/1213014

https://bugzilla.suse.com/1213015

https://bugzilla.suse.com/1213016

https://bugzilla.suse.com/1213017

https://bugzilla.suse.com/1213018

https://bugzilla.suse.com/1213019

https://bugzilla.suse.com/1213020

https://bugzilla.suse.com/1213021

https://bugzilla.suse.com/1213024

https://bugzilla.suse.com/1213025

https://bugzilla.suse.com/1213032

https://bugzilla.suse.com/1213034

https://bugzilla.suse.com/1213035

https://bugzilla.suse.com/1213036

https://bugzilla.suse.com/1213037

https://bugzilla.suse.com/1213038

https://bugzilla.suse.com/1213039

https://bugzilla.suse.com/1213040

https://bugzilla.suse.com/1213041

https://bugzilla.suse.com/1213059

https://bugzilla.suse.com/1213061

https://bugzilla.suse.com/1213087

https://bugzilla.suse.com/1213088

https://bugzilla.suse.com/1213089

https://bugzilla.suse.com/1213090

https://bugzilla.suse.com/1213092

https://bugzilla.suse.com/1213093

https://bugzilla.suse.com/1213094

https://bugzilla.suse.com/1213095

https://bugzilla.suse.com/1213096

https://bugzilla.suse.com/1213098

https://bugzilla.suse.com/1213099

https://bugzilla.suse.com/1213100

https://bugzilla.suse.com/1213102

https://bugzilla.suse.com/1213103

https://bugzilla.suse.com/1213104

https://bugzilla.suse.com/1213105

https://bugzilla.suse.com/1213106

https://bugzilla.suse.com/1213107

https://bugzilla.suse.com/1213108

https://bugzilla.suse.com/1213109

https://bugzilla.suse.com/1213110

https://bugzilla.suse.com/1213111

https://bugzilla.suse.com/1213112

https://bugzilla.suse.com/1213113

https://bugzilla.suse.com/1213114

https://bugzilla.suse.com/1213134

https://bugzilla.suse.com/1213245

https://bugzilla.suse.com/1213247

https://bugzilla.suse.com/1213252

https://bugzilla.suse.com/1213258

https://bugzilla.suse.com/1213259

https://bugzilla.suse.com/1213263

https://bugzilla.suse.com/1213264

https://bugzilla.suse.com/1213286

https://bugzilla.suse.com/1213523

https://bugzilla.suse.com/1213524

https://bugzilla.suse.com/1213543

https://bugzilla.suse.com/1213585

https://bugzilla.suse.com/1213586

https://bugzilla.suse.com/1213705

https://lists.suse.com/pipermail/sle-updates/2023-August/030784.html

https://www.suse.com/security/cve/CVE-2023-20593

https://www.suse.com/security/cve/CVE-2023-2985

https://www.suse.com/security/cve/CVE-2023-3117

https://www.suse.com/security/cve/CVE-2023-31248

https://www.suse.com/security/cve/CVE-2023-3390

https://www.suse.com/security/cve/CVE-2023-35001

https://www.suse.com/security/cve/CVE-2023-3609

https://www.suse.com/security/cve/CVE-2023-3611

https://www.suse.com/security/cve/CVE-2023-3812

Plugin Details

Severity: High

ID: 179350

File Name: suse_SU-2023-3182-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 8/4/2023

Updated: 8/4/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-3812

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-azure, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/3/2023

Vulnerability Publication Date: 6/1/2023

Reference Information

CVE: CVE-2023-20593, CVE-2023-2985, CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3609, CVE-2023-3611, CVE-2023-3812

SuSE: SUSE-SU-2023:3182-1