Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0976-1 advisory.
The SUSE Linux Enterprise SLE12SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2020-36777: Fixed a memory leak in dvb_media_device_free() (bsc#1220526).
- CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570).
- CVE-2021-46906: Fixed an info leak in hid_submit_ctrl (bsc#1220421).
- CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436).
- CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2021-46953: Fixed a corruption in interrupt mappings on watchdow probe failure (bsc#1220599).
- CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc#1220575).
- CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc#1220638).
- CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
- CVE-2021-47054: Fixed a bug to put child node before return (bsc#1220767).
- CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860)
- CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861).
- CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863)
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
- CVE-2023-52340: Fixed ICMPv6 Packet Too Big packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
- [media] coda: simplify optional reset handling (git-fixes).
- [media] media drivers: annotate fall-through (git-fixes).
- [media] media: platform: coda: remove variable self assignment (git-fixes).
- asn.1: fix check for strdup() success (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bnx2x: fix pf-vf communication over multi-cos queues (git-fixes).
- doc/readme.ksyms: add to repo.++ kernel-source-rt.spec (revision 4)%define git_commit 1431ee6e1c7fc02206d6bd539f8bd8ec4ce61801release: <release>.g1431ee6this package provides the rpm macros and templates for kernel module packages++ kernel-source.spec.in (revision 4)this package provides the rpm macros and templates for kernel module packages
- e1000: fix memory leaks (git-fixes).
- gve: fix skb truesize underestimation (git-fixes).
- igb: clean up in all error paths when enabling sr-iov (git-fixes).
- igb: fix constant media auto sense switching when no cable is connected (git-fixes).
- ipv6: fix handling of lla with vrf and sockets bound to vrf (git-fixes).
- ipv6: fix typos in __ip6_finish_output() (git-fixes).
- ixgbe: protect tx timestamping from api misuse (git-fixes).
- kcm: call strp_stop before strp_done in kcm_attach (git-fixes).
- kcm: fix strp_init() order and cleanup (git-fixes).
- kernel-source: fix description typo
- kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220613).
- kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
- kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
- kvm: x86: add support for cpuid leaf 0x80000021 (git-fixes).
- kvm: x86: move open-coded cpuid leaf 0x80000021 eax bit propagation code (git-fixes).
- kvm: x86: synthesize cpuid leaf 0x80000021h if useful (git-fixes).
- kvm: x86: work around qemu issue with synthetic cpuid leaves (git-fixes).
- locking/barriers: introduce smp_cond_load_relaxed() and atomic_cond_read_relaxed() (bsc#1220468 bsc#1050549).
- media: coda: constify platform_device_id (git-fixes).
- media: coda: explicitly request exclusive reset control (git-fixes).
- media: coda: reduce iram size to leave space for suspend to ram (git-fixes).
- media: coda: reuse coda_s_fmt_vid_cap to propagate format in coda_s_fmt_vid_out (git-fixes).
- media: coda: set min_buffers_needed (git-fixes).
- media: coda: wake up capture queue on encoder stop after output streamoff (git-fixes).
- media: dvb-usb: add memory free on error path in dw2102_probe() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: dw2102: fix memleak on sequence of probes (git-fixes).
- media: dw2102: fix use after free (git-fixes).
- media: dw2102: make dvb_usb_device_description structures const (git-fixes).
- media: m920x: do not use stack on usb reads (git-fixes).
- media: rc: do not remove first bit if leader pulse is present (git-fixes).
- media: rc: ir-rc6-decoder: enable toggle bit for kathrein rcu-676 remote (git-fixes).
- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes).
- media: uvcvideo: set capability in s_param (git-fixes).
- mkspec: use variant in constraints template constraints are not applied consistently with kernel package variants. add variant to the constraints template as appropriate, and expand it in mkspec.
- net/mlx5e: ethtool, avoid setting speed to 56gbase when autoneg off (git-fixes).
- net/sched: tcindex: search key must be 16 bits (git-fixes).
- net: bonding: debug: avoid printing debug logs when bond is not notifying peers (git-fixes).
- net: fec: add missed clk_disable_unprepare in remove (git-fixes).
- net: fec: better handle pm_runtime_get() failing in .remove() (git-fixes).
- net: fec: fix clock count mis-match (git-fixes).
- net: fec: fix use-after-free in fec_drv_remove (git-fixes).
- net: hisilicon: fix dma_map_single failed on arm64 (git-fixes).
- net: hisilicon: fix hip04-xmit never return tx_busy (git-fixes).
- net: hisilicon: fix usage of uninitialized variable in function mdio_sc_cfg_reg_write() (git-fixes).
- net: hisilicon: make hip04_tx_reclaim non-reentrant (git-fixes).
- net: hns3: add compatible handling for mac vlan switch parameter configuration (git-fixes).
- net: hns3: not allow ssu loopback while execute ethtool -t dev (git-fixes).
- net: lpc-enet: fix printk format strings (git-fixes).
- net: nfc: llcp: add lock when modifying device list (git-fixes).
- net: phy: dp83867: enable robust auto-mdix (git-fixes).
- net: phy: initialise phydev speed and duplex sanely (git-fixes).
- net: sfp: add mutex to prevent concurrent state checks (git-fixes).
- net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in irq context (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- nfsd: do not refuse to serve out of cache (bsc#1220957).
- pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-fixes).
- revert 'md/raid5: wait for md_sb_change_pending in raid5d' (git-fixes).
- revert 'wcn36xx: disable bmps when encryption is disabled' (git-fixes).
- rpm/constraints.in: set jobs for riscv to 8 the same workers are used for x86 and riscv and the riscv builds take ages. so align the riscv jobs count to x86.
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into
-devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
- rpm/mkspec: sort entries in _multibuild otherwise it creates unnecessary diffs when tar-up-ing. it's of course due to readdir() using 'random' order as served by the underlying filesystem. see for example:
https://build.opensuse.org/request/show/1144457/changes
- rpm: use run_if_exists for all external scriptlets with that the scriptlets do not need to be installed for build.
- s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220607).
- stmmac: fix potential division by 0 (git-fixes).
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527).
- usb: musb: dsps: fix the probe error path (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- wcn36xx: fix (qos) null data frame bitrate/modulation (git-fixes).
- wcn36xx: fix discarded frames due to wrong sequence number (git-fixes).
- wcn36xx: fix rx bd rate mapping for 5ghz legacy rates (git-fixes).
- x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: add asm helpers for executing verw (bsc#1213456).
- x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severity as it's used purely for mitigation so it's low risk.
- x86/cpu, kvm: move x86_feature_lfence_rdtsc to its native leaf (git-fixes).
- x86/entry_32: add verw just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Plugin Details
File Name: suse_SU-2024-0976-1.nasl
Agent: unix
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:dlm-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt-devel, p-cpe:/a:novell:suse_linux:kernel-source-rt, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-rt-base, p-cpe:/a:novell:suse_linux:gfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-syms-rt, p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel, p-cpe:/a:novell:suse_linux:kernel-rt_debug, p-cpe:/a:novell:suse_linux:kernel-rt, p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt, p-cpe:/a:novell:suse_linux:kernel-devel-rt
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 3/22/2024
Vulnerability Publication Date: 7/14/2021
Reference Information
CVE: CVE-2019-25162, CVE-2020-36777, CVE-2020-36784, CVE-2021-46906, CVE-2021-46915, CVE-2021-46921, CVE-2021-46924, CVE-2021-46929, CVE-2021-46932, CVE-2021-46953, CVE-2021-46974, CVE-2021-46991, CVE-2021-46992, CVE-2021-47013, CVE-2021-47054, CVE-2021-47076, CVE-2021-47077, CVE-2021-47078, CVE-2022-48627, CVE-2023-28746, CVE-2023-35827, CVE-2023-46343, CVE-2023-52340, CVE-2023-52429, CVE-2023-52443, CVE-2023-52445, CVE-2023-52449, CVE-2023-52451, CVE-2023-52464, CVE-2023-52475, CVE-2023-52478, CVE-2023-52482, CVE-2023-52502, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52574, CVE-2023-52597, CVE-2023-52605, CVE-2024-0607, CVE-2024-1151, CVE-2024-23849, CVE-2024-23851, CVE-2024-26585, CVE-2024-26595, CVE-2024-26600, CVE-2024-26622
SuSE: SUSE-SU-2024:0976-1