SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:4734-1)

critical Nessus Plugin ID 186816

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4734-1 advisory.

- A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
(CVE-2023-2006)

- Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
(CVE-2023-25775)

- A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. (CVE-2023-39198)

- A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8. (CVE-2023-4244)

- An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. (CVE-2023-45863)

- An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. (CVE-2023-45871)

- An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. (CVE-2023-46862)

- A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.
(CVE-2023-5158)

- The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use- after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges. (CVE-2023-5633)

- A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. (CVE-2023-5717)

- A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub- component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. (CVE-2023-6039)

- A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. (CVE-2023-6176)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1084909

https://bugzilla.suse.com/1207948

https://bugzilla.suse.com/1210447

https://bugzilla.suse.com/1214286

https://bugzilla.suse.com/1214700

https://bugzilla.suse.com/1214840

https://bugzilla.suse.com/1214976

https://bugzilla.suse.com/1215123

https://bugzilla.suse.com/1215124

https://bugzilla.suse.com/1215292

https://bugzilla.suse.com/1215420

https://bugzilla.suse.com/1215458

https://bugzilla.suse.com/1215710

https://bugzilla.suse.com/1215802

https://bugzilla.suse.com/1215931

https://bugzilla.suse.com/1216058

https://bugzilla.suse.com/1216105

https://bugzilla.suse.com/1216259

https://bugzilla.suse.com/1216527

https://bugzilla.suse.com/1216584

https://bugzilla.suse.com/1216687

https://bugzilla.suse.com/1216693

https://bugzilla.suse.com/1216759

https://bugzilla.suse.com/1216788

https://bugzilla.suse.com/1216844

https://bugzilla.suse.com/1216861

https://bugzilla.suse.com/1216909

https://bugzilla.suse.com/1216959

https://bugzilla.suse.com/1216965

https://bugzilla.suse.com/1216976

https://bugzilla.suse.com/1217036

https://bugzilla.suse.com/1217068

https://bugzilla.suse.com/1217086

https://bugzilla.suse.com/1217095

https://bugzilla.suse.com/1217124

https://bugzilla.suse.com/1217140

https://bugzilla.suse.com/1217147

https://bugzilla.suse.com/1217195

https://bugzilla.suse.com/1217196

https://bugzilla.suse.com/1217200

https://bugzilla.suse.com/1217205

https://bugzilla.suse.com/1217332

https://bugzilla.suse.com/1217366

https://bugzilla.suse.com/1217511

https://bugzilla.suse.com/1217515

https://bugzilla.suse.com/1217598

https://bugzilla.suse.com/1217599

https://bugzilla.suse.com/1217609

https://bugzilla.suse.com/1217687

https://bugzilla.suse.com/1217731

https://bugzilla.suse.com/1217780

https://lists.suse.com/pipermail/sle-updates/2023-December/033074.html

https://www.suse.com/security/cve/CVE-2023-2006

https://www.suse.com/security/cve/CVE-2023-25775

https://www.suse.com/security/cve/CVE-2023-39197

https://www.suse.com/security/cve/CVE-2023-39198

https://www.suse.com/security/cve/CVE-2023-4244

https://www.suse.com/security/cve/CVE-2023-45863

https://www.suse.com/security/cve/CVE-2023-45871

https://www.suse.com/security/cve/CVE-2023-46862

https://www.suse.com/security/cve/CVE-2023-5158

https://www.suse.com/security/cve/CVE-2023-5633

https://www.suse.com/security/cve/CVE-2023-5717

https://www.suse.com/security/cve/CVE-2023-6039

https://www.suse.com/security/cve/CVE-2023-6176

Plugin Details

Severity: Critical

ID: 186816

File Name: suse_SU-2023-4734-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 12/13/2023

Updated: 1/5/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-25775

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-azure, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/12/2023

Vulnerability Publication Date: 3/17/2023

Reference Information

CVE: CVE-2023-2006, CVE-2023-25775, CVE-2023-39197, CVE-2023-39198, CVE-2023-4244, CVE-2023-45863, CVE-2023-45871, CVE-2023-46862, CVE-2023-5158, CVE-2023-5633, CVE-2023-5717, CVE-2023-6039, CVE-2023-6176

SuSE: SUSE-SU-2023:4734-1