SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0855-1)

high Nessus Plugin ID 192006

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0855-1 advisory.

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2023-6270: Fixed a use-after-free bug in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-52462: Fixed a security check for attempt to corrupt spilled pointer (bsc#1220325).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 Packet Too Big packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1194869

https://bugzilla.suse.com/1206453

https://bugzilla.suse.com/1209412

https://bugzilla.suse.com/1216776

https://bugzilla.suse.com/1217927

https://bugzilla.suse.com/1218195

https://bugzilla.suse.com/1218216

https://bugzilla.suse.com/1218450

https://bugzilla.suse.com/1218527

https://bugzilla.suse.com/1218562

https://bugzilla.suse.com/1218663

https://bugzilla.suse.com/1218915

https://bugzilla.suse.com/1219126

https://bugzilla.suse.com/1219127

https://bugzilla.suse.com/1219141

https://bugzilla.suse.com/1219146

https://bugzilla.suse.com/1219295

https://bugzilla.suse.com/1219443

https://bugzilla.suse.com/1219653

https://bugzilla.suse.com/1219827

https://bugzilla.suse.com/1219835

https://bugzilla.suse.com/1219839

https://bugzilla.suse.com/1219840

https://bugzilla.suse.com/1219934

https://bugzilla.suse.com/1220003

https://bugzilla.suse.com/1220009

https://bugzilla.suse.com/1220021

https://bugzilla.suse.com/1220030

https://bugzilla.suse.com/1220106

https://bugzilla.suse.com/1220140

https://bugzilla.suse.com/1220187

https://bugzilla.suse.com/1220238

https://bugzilla.suse.com/1220240

https://bugzilla.suse.com/1220241

https://bugzilla.suse.com/1220243

https://bugzilla.suse.com/1220250

https://bugzilla.suse.com/1220251

https://bugzilla.suse.com/1220253

https://bugzilla.suse.com/1220254

https://bugzilla.suse.com/1220255

https://bugzilla.suse.com/1220257

https://bugzilla.suse.com/1220267

https://bugzilla.suse.com/1220277

https://bugzilla.suse.com/1220317

https://bugzilla.suse.com/1220325

https://bugzilla.suse.com/1220326

https://bugzilla.suse.com/1220328

https://bugzilla.suse.com/1220330

https://bugzilla.suse.com/1220335

https://bugzilla.suse.com/1220344

https://www.suse.com/security/cve/CVE-2023-52530

https://www.suse.com/security/cve/CVE-2023-52531

https://www.suse.com/security/cve/CVE-2023-52559

https://www.suse.com/security/cve/CVE-2023-6270

https://www.suse.com/security/cve/CVE-2023-6817

https://www.suse.com/security/cve/CVE-2024-0607

https://www.suse.com/security/cve/CVE-2024-1151

https://www.suse.com/security/cve/CVE-2024-23849

https://www.suse.com/security/cve/CVE-2024-23850

https://www.suse.com/security/cve/CVE-2024-23851

https://www.suse.com/security/cve/CVE-2024-25744

https://www.suse.com/security/cve/CVE-2024-26585

https://www.suse.com/security/cve/CVE-2024-26586

https://www.suse.com/security/cve/CVE-2024-26589

https://www.suse.com/security/cve/CVE-2024-26591

https://www.suse.com/security/cve/CVE-2024-26593

https://www.suse.com/security/cve/CVE-2024-26595

https://www.suse.com/security/cve/CVE-2024-26598

https://www.suse.com/security/cve/CVE-2024-26602

https://www.suse.com/security/cve/CVE-2024-26603

https://www.suse.com/security/cve/CVE-2024-26607

https://www.suse.com/security/cve/CVE-2024-26622

https://bugzilla.suse.com/1220348

https://bugzilla.suse.com/1220350

https://bugzilla.suse.com/1220364

https://bugzilla.suse.com/1220392

https://bugzilla.suse.com/1220393

https://bugzilla.suse.com/1220398

https://bugzilla.suse.com/1220409

https://bugzilla.suse.com/1220433

https://bugzilla.suse.com/1220444

https://bugzilla.suse.com/1220457

https://bugzilla.suse.com/1220459

https://bugzilla.suse.com/1220469

https://bugzilla.suse.com/1220649

https://bugzilla.suse.com/1220735

https://bugzilla.suse.com/1220736

https://bugzilla.suse.com/1220796

https://bugzilla.suse.com/1220825

https://bugzilla.suse.com/1220845

https://bugzilla.suse.com/1220848

https://bugzilla.suse.com/1220917

https://bugzilla.suse.com/1220930

https://bugzilla.suse.com/1220931

https://bugzilla.suse.com/1220933

http://www.nessus.org/u?88646823

https://www.suse.com/security/cve/CVE-2019-25162

https://www.suse.com/security/cve/CVE-2021-46923

https://www.suse.com/security/cve/CVE-2021-46924

https://www.suse.com/security/cve/CVE-2021-46932

https://www.suse.com/security/cve/CVE-2021-46934

https://www.suse.com/security/cve/CVE-2021-47083

https://www.suse.com/security/cve/CVE-2022-48627

https://www.suse.com/security/cve/CVE-2022-48628

https://www.suse.com/security/cve/CVE-2023-5197

https://www.suse.com/security/cve/CVE-2023-52340

https://www.suse.com/security/cve/CVE-2023-52429

https://www.suse.com/security/cve/CVE-2023-52439

https://www.suse.com/security/cve/CVE-2023-52443

https://www.suse.com/security/cve/CVE-2023-52445

https://www.suse.com/security/cve/CVE-2023-52447

https://www.suse.com/security/cve/CVE-2023-52448

https://www.suse.com/security/cve/CVE-2023-52449

https://www.suse.com/security/cve/CVE-2023-52451

https://www.suse.com/security/cve/CVE-2023-52452

https://www.suse.com/security/cve/CVE-2023-52456

https://www.suse.com/security/cve/CVE-2023-52457

https://www.suse.com/security/cve/CVE-2023-52462

https://www.suse.com/security/cve/CVE-2023-52463

https://www.suse.com/security/cve/CVE-2023-52464

https://www.suse.com/security/cve/CVE-2023-52467

https://www.suse.com/security/cve/CVE-2023-52475

https://www.suse.com/security/cve/CVE-2023-52478

https://www.suse.com/security/cve/CVE-2023-52482

Plugin Details

Severity: High

ID: 192006

File Name: suse_SU-2024-0855-1.nasl

Version: 1.7

Type: local

Agent: unix

Published: 3/13/2024

Updated: 12/16/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-26622

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2024-25744

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-source-azure, p-cpe:/a:novell:suse_linux:kernel-syms-azure, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-devel-azure, p-cpe:/a:novell:suse_linux:kernel-azure, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/12/2024

Vulnerability Publication Date: 9/27/2023

Reference Information

CVE: CVE-2019-25162, CVE-2021-46923, CVE-2021-46924, CVE-2021-46932, CVE-2021-46934, CVE-2021-47083, CVE-2022-48627, CVE-2022-48628, CVE-2023-5197, CVE-2023-52340, CVE-2023-52429, CVE-2023-52439, CVE-2023-52443, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52456, CVE-2023-52457, CVE-2023-52462, CVE-2023-52463, CVE-2023-52464, CVE-2023-52467, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52530, CVE-2023-52531, CVE-2023-52559, CVE-2023-6270, CVE-2023-6817, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-25744, CVE-2024-26585, CVE-2024-26586, CVE-2024-26589, CVE-2024-26591, CVE-2024-26593, CVE-2024-26595, CVE-2024-26598, CVE-2024-26602, CVE-2024-26603, CVE-2024-26607, CVE-2024-26622

SuSE: SUSE-SU-2024:0855-1