SUSE SLES12 Security Update : kernel (SUSE-SU-2023:3681-1)

high Nessus Plugin ID 181659

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3681-1 advisory.

- An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
(CVE-2022-36402)

- The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
(CVE-2023-2007)

- A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. (CVE-2023-20588)

- A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. (CVE-2023-20588) (CVE-2023-34319)

- A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)

- An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-3812)

- A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel.
This flaw allows a local user with special privileges to impact a kernel information leak issue.
(CVE-2023-3863)

- An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. (CVE-2023-40283)

- A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)

- A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4132)

- A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. (CVE-2023-4133)

- A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 (tun: tun_chr_open(): correctly initialize socket uid), - 66b2c338adce (tap: tap_open():
correctly initialize socket uid), pass inode->i_uid to sock_init_data_uid() as the last parameter and that turns out to not be accurate. (CVE-2023-4194)

- A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. (CVE-2023-4385)

- A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. (CVE-2023-4387)

- A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
(CVE-2023-4459)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1120059

https://bugzilla.suse.com/1203517

https://bugzilla.suse.com/1210327

https://bugzilla.suse.com/1210448

https://bugzilla.suse.com/1212051

https://bugzilla.suse.com/1213543

https://bugzilla.suse.com/1213546

https://bugzilla.suse.com/1213601

https://bugzilla.suse.com/1213666

https://bugzilla.suse.com/1213899

https://bugzilla.suse.com/1213904

https://bugzilla.suse.com/1213906

https://bugzilla.suse.com/1213908

https://bugzilla.suse.com/1213910

https://bugzilla.suse.com/1213911

https://bugzilla.suse.com/1213912

https://bugzilla.suse.com/1213921

https://bugzilla.suse.com/1213927

https://bugzilla.suse.com/1213969

https://bugzilla.suse.com/1213970

https://bugzilla.suse.com/1213971

https://bugzilla.suse.com/1214019

https://bugzilla.suse.com/1214149

https://bugzilla.suse.com/1214157

https://bugzilla.suse.com/1214209

https://bugzilla.suse.com/1214233

https://bugzilla.suse.com/1214299

https://bugzilla.suse.com/1214335

https://bugzilla.suse.com/1214348

https://bugzilla.suse.com/1214350

https://bugzilla.suse.com/1214451

https://bugzilla.suse.com/1214453

https://bugzilla.suse.com/1214752

https://bugzilla.suse.com/1214928

https://bugzilla.suse.com/1215028

https://bugzilla.suse.com/1215032

https://bugzilla.suse.com/1215034

https://bugzilla.suse.com/1215035

https://bugzilla.suse.com/1215036

https://bugzilla.suse.com/1215037

https://bugzilla.suse.com/1215038

https://bugzilla.suse.com/1215041

https://bugzilla.suse.com/1215046

https://bugzilla.suse.com/1215049

https://bugzilla.suse.com/1215057

http://www.nessus.org/u?8805a9c1

https://www.suse.com/security/cve/CVE-2022-36402

https://www.suse.com/security/cve/CVE-2023-2007

https://www.suse.com/security/cve/CVE-2023-20588

https://www.suse.com/security/cve/CVE-2023-34319

https://www.suse.com/security/cve/CVE-2023-3772

https://www.suse.com/security/cve/CVE-2023-3812

https://www.suse.com/security/cve/CVE-2023-3863

https://www.suse.com/security/cve/CVE-2023-40283

https://www.suse.com/security/cve/CVE-2023-4128

https://www.suse.com/security/cve/CVE-2023-4132

https://www.suse.com/security/cve/CVE-2023-4133

https://www.suse.com/security/cve/CVE-2023-4134

https://www.suse.com/security/cve/CVE-2023-4194

https://www.suse.com/security/cve/CVE-2023-4385

https://www.suse.com/security/cve/CVE-2023-4387

https://www.suse.com/security/cve/CVE-2023-4459

Plugin Details

Severity: High

ID: 181659

File Name: suse_SU-2023-3681-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/20/2023

Updated: 11/15/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-40283

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure, p-cpe:/a:novell:suse_linux:kernel-azure-base, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-devel-azure

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/19/2023

Vulnerability Publication Date: 9/16/2022

Reference Information

CVE: CVE-2022-36402, CVE-2023-2007, CVE-2023-20588, CVE-2023-34319, CVE-2023-3772, CVE-2023-3812, CVE-2023-3863, CVE-2023-40283, CVE-2023-4128, CVE-2023-4132, CVE-2023-4133, CVE-2023-4134, CVE-2023-4194, CVE-2023-4385, CVE-2023-4387, CVE-2023-4459

SuSE: SUSE-SU-2023:3681-1