SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0468-1)

high Nessus Plugin ID 190645

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0468-1 advisory.

- Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0. (CVE-2021-33631)

- Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code. (CVE-2023-46838)

- The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this could be exploited in a real world scenario. This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
(CVE-2023-47233)

- In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. (CVE-2023-51043)

- An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after- free because of a vcc_recvmsg race condition. (CVE-2023-51780)

- An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use- after-free because of a rose_accept race condition. (CVE-2023-51782)

- An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. (CVE-2023-6040)

- A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. (CVE-2024-0775)

- A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. (CVE-2024-1086)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1065729

https://bugzilla.suse.com/1108281

https://bugzilla.suse.com/1123986

https://bugzilla.suse.com/1141539

https://bugzilla.suse.com/1181674

https://bugzilla.suse.com/1206889

https://bugzilla.suse.com/1212152

https://bugzilla.suse.com/1216702

https://bugzilla.suse.com/1216989

https://bugzilla.suse.com/1217525

https://bugzilla.suse.com/1218713

https://bugzilla.suse.com/1218730

https://bugzilla.suse.com/1218752

https://bugzilla.suse.com/1218757

https://bugzilla.suse.com/1218768

https://bugzilla.suse.com/1218836

https://bugzilla.suse.com/1218968

https://bugzilla.suse.com/1219022

https://bugzilla.suse.com/1219053

https://bugzilla.suse.com/1219120

https://bugzilla.suse.com/1219412

https://bugzilla.suse.com/1219434

https://bugzilla.suse.com/1219445

https://bugzilla.suse.com/1219446

http://www.nessus.org/u?e66b4c4c

https://www.suse.com/security/cve/CVE-2021-33631

https://www.suse.com/security/cve/CVE-2023-46838

https://www.suse.com/security/cve/CVE-2023-47233

https://www.suse.com/security/cve/CVE-2023-51043

https://www.suse.com/security/cve/CVE-2023-51780

https://www.suse.com/security/cve/CVE-2023-51782

https://www.suse.com/security/cve/CVE-2023-6040

https://www.suse.com/security/cve/CVE-2024-0775

https://www.suse.com/security/cve/CVE-2024-1086

Plugin Details

Severity: High

ID: 190645

File Name: suse_SU-2024-0468-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2/17/2024

Updated: 5/30/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-1086

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/14/2024

Vulnerability Publication Date: 6/21/2023

CISA Known Exploited Vulnerability Due Dates: 6/20/2024

Reference Information

CVE: CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51043, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2024-0775, CVE-2024-1086

SuSE: SUSE-SU-2024:0468-1