Detections
Analytics
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)
high Nessus Plugin ID 194454
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory.The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2020-36780: Fixed a reference leak when pm_runtime_get_sync fails in i2c (bsc#1220556).
- CVE-2020-36782: Fixed a reference leak when pm_runtime_get_sync fails in i2c imx-lpi2c (bsc#1220560).
- CVE-2020-36783: Fixed a reference leak when pm_runtime_get_sync fails in i2c img-scb (bsc#1220561).
- CVE-2021-23134: Fixed a use-after-free issue in nfc sockets (bsc#1186060).
- CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442).
- CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468).
- CVE-2021-46930: Fixed a list_head check warning caused by uninitialization of list_head in usb mtu3 (bsc#1220484).
- CVE-2021-46938: Fixed a double free of blk_mq_tag_set in dev remove after table load fails in dm rq (bsc#1220554).
- CVE-2021-46939: Fixed a denial of service in trace_clock_global() in tracing (bsc#1220580).
- CVE-2021-46943: Fixed an oops in set_fmt error handling in media: staging/intel-ipu3 (bsc#1220583).
- CVE-2021-46944: Fixed a memory leak in imu_fmt in media staging/intel-ipu3 (bsc#1220566).
- CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662).
- CVE-2021-46951: Fixed an integer underflow of efi_tpm_final_log_size in tpm_read_log_efi in tpm efi (bsc#1220615).
- CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs (bsc#1220521).
- CVE-2021-46960: Fixed a warning on smb2_get_enc_key in cifs (bsc#1220528).
- CVE-2021-46961: Fixed an error on not enabling irqs when handling spurious interrups in irqchip/gic-v3 (bsc#1220529).
- CVE-2021-46962: Fixed a resource leak in the remove function in mmc uniphier-sd (bsc#1220532).
- CVE-2021-46963: Fixed a denial of service in qla2xxx_mqueuecommand() in scsi qla2xxx (bsc#1220536)
- CVE-2021-46971: Fixed unconditional security_locked_down() call in perf/core (bsc#1220697).
- CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611).
- CVE-2021-46984: Fixed an out of bounds access in kyber_bio_merge() in kyber (bsc#1220631).
- CVE-2021-46988: Fixed release page in error path to avoid BUG_ON in userfaultfd (bsc#1220706).
- CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s (bsc#1220743).
- CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc#1220575).
- CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc#1220638).
- CVE-2021-46998: Fixed an use after free bug in enic_hard_start_xmit in ethernet/enic (bsc#1220625).
- CVE-2021-47000: Fixed an inode leak on getattr error in __fh_to_dentry in ceph (bsc#1220669).
- CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
- CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
- CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxt_rx_pkt() in bnxt_en (bsc#1220794).
- CVE-2021-47020: Fixed a memory leak in stream config error path in soundwire stream (bsc#1220785).
- CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687).
- CVE-2021-47045: Fixed a null pointer dereference in lpfc_prep_els_iocb() in scsi lpfc (bsc#1220640).
- CVE-2021-47049: Fixed an after free in __vmbus_open() in hv vmbus (bsc#1220692).
- CVE-2021-47051: Fixed a PM reference leak in lpspi_prepare_xfer_hardware() in spi fsl-lpspi (bsc#1220764).
- CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
- CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769).
- CVE-2021-47058: Fixed a possible user-after-free in set debugfs_name in regmap (bsc#1220779).
- CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745).
- CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777).
- CVE-2021-47065: Fixed an array overrun in rtw_get_tx_power_params() in rtw88 (bsc#1220749).
- CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
- CVE-2021-47069: Fixed a crash due to relying on a stack reference past its expiry in ipc/mqueue, ipc/msg, ipc/sem (bsc#1220826).
- CVE-2021-47070: Fixed a memory leak in error handling paths on memory allocated by vmbus_alloc_ring in uio_hv_generic (bsc#1220829).
- CVE-2021-47071: Fixed a memory leak in error handling paths in hv_uio_cleanup() in uio_hv_generic (bsc#1220846).
- CVE-2021-47073: Fixed a oops on rmmod dell_smbios exit_dell_smbios_wmi() in platform/x86 dell-smbios-wmi (bsc#1220850).
- CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861).
- CVE-2021-47082: Fixed a double free in tun_free_netdev in tun (bsc#1220969).
- CVE-2021-47109: Fixed an overflow in neighbour table in neighbour (bsc#1221534).
- CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221532).
- CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221541).
- CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548).
- CVE-2021-47117: Fixed a crash in ext4_es_cache_extent as ext4_split_extent_at failed in ext4 (bsc#1221575).
- CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605).
- CVE-2021-47119: Fixed a memory leak in ext4_fill_super in ext4 (bsc#1221608).
- CVE-2021-47120: Fixed a NULL pointer dereference on disconnect in HID magicmouse (bsc#1221606).
- CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934).
- CVE-2021-47139: Fixed a race condition that lead to oops in netdevice registration in net hns3 (bsc#1221935).
- CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve (bsc#1221949).
- CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952).
- CVE-2021-47144: Fixed a refcount leak in amdgpufb_create in drm/amd/amdgpu (bsc#1221989).
- CVE-2021-47153: Fixed an out-of-range memory access during bus reset in the case of a block transaction in i2c/i801 (bsc#1221969).
- CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe function in spi spi-fsl-dspi (bsc#1221966).
- CVE-2021-47165: Fixed a NULL pointer dereference when component was not probed during shutdown in drm/mesonhe (bsc#1221965).
- CVE-2021-47166: Fixed a data corruption of pg_bytes_written in nfs_do_recoalesce() in nfs (bsc#1221998).
- CVE-2021-47167: Fixed an oopsable condition in __nfs_pageio_add_request() in nfs (bsc#1221991).
- CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() in nfs (bsc#1222002).
- CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000).
- CVE-2021-47170: Fixed a WARN about excessively large memory allocations in usb usbfs (bsc#1222004).
- CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994).
- CVE-2021-47172: Fixed a potential overflow due to non sequential channel numbers in adc/ad7124 (bsc#1221992).
- CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993).
- CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997).
- CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() in nfsv4 (bsc#1222001).
- CVE-2021-47180: Fixed a memory leak in nci_allocate_device nfcmrvl_disconnect in nfc nci (bsc#1221999).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2022-0487: Fixed an use-after-free vulnerability in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-4744: Fixed a double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2022-48626: Fixed a potential use-after-free on remove path in moxart (bsc#1220366).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length in nvmet-tcp (bsc#1220320).
- CVE-2023-52469: Fixed an use-after-free in kv_parse_power_table in drivers/amd/pm (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a data corruption in user SDMA requests in IB/hfi1 (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52500: Fixed leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command in scsi in pm80xx (bsc#1220883).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52572: Fixed UAF in cifs_demultiplex_thread() in cifs (bsc#1220946).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52607: Fixed null-pointer dereference in pgtable_cache_add kasprintf() in powerpc/mm (bsc#1221061).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races (bsc#1218447).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in net (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-22099: Fixed a null pointer dereference in /net/bluetooth/rfcomm/core.C in bluetooth (bsc#1219170).
- CVE-2024-26600: Fixed null pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1186060
https://bugzilla.suse.com/1192145
https://bugzilla.suse.com/1194516
https://bugzilla.suse.com/1208995
https://bugzilla.suse.com/1209635
https://bugzilla.suse.com/1209657
https://bugzilla.suse.com/1212514
https://bugzilla.suse.com/1213456
https://bugzilla.suse.com/1217987
https://bugzilla.suse.com/1217988
https://bugzilla.suse.com/1217989
https://bugzilla.suse.com/1218336
https://bugzilla.suse.com/1218447
https://bugzilla.suse.com/1218479
https://bugzilla.suse.com/1218562
https://bugzilla.suse.com/1219170
https://bugzilla.suse.com/1219264
https://bugzilla.suse.com/1220320
https://bugzilla.suse.com/1220340
https://bugzilla.suse.com/1220366
https://bugzilla.suse.com/1220411
https://bugzilla.suse.com/1220413
https://www.suse.com/security/cve/CVE-2022-48626
https://www.suse.com/security/cve/CVE-2023-0160
https://www.suse.com/security/cve/CVE-2023-1192
https://www.suse.com/security/cve/CVE-2023-28746
https://www.suse.com/security/cve/CVE-2023-35827
https://www.suse.com/security/cve/CVE-2023-52454
https://www.suse.com/security/cve/CVE-2023-52469
https://www.suse.com/security/cve/CVE-2023-52470
https://www.suse.com/security/cve/CVE-2023-52474
https://www.suse.com/security/cve/CVE-2023-52476
https://www.suse.com/security/cve/CVE-2023-52477
https://www.suse.com/security/cve/CVE-2023-52500
https://www.suse.com/security/cve/CVE-2023-52509
https://www.suse.com/security/cve/CVE-2023-52572
https://www.suse.com/security/cve/CVE-2023-52575
https://www.suse.com/security/cve/CVE-2023-52583
https://www.suse.com/security/cve/CVE-2023-52590
https://www.suse.com/security/cve/CVE-2023-52591
https://www.suse.com/security/cve/CVE-2023-52607
https://www.suse.com/security/cve/CVE-2023-52628
https://www.suse.com/security/cve/CVE-2023-6270
https://www.suse.com/security/cve/CVE-2023-6356
https://www.suse.com/security/cve/CVE-2023-6531
https://www.suse.com/security/cve/CVE-2023-6535
https://www.suse.com/security/cve/CVE-2023-6536
https://bugzilla.suse.com/1220442
https://bugzilla.suse.com/1220445
https://bugzilla.suse.com/1220468
https://bugzilla.suse.com/1220484
https://bugzilla.suse.com/1220521
https://bugzilla.suse.com/1220528
https://bugzilla.suse.com/1220529
https://bugzilla.suse.com/1220532
https://bugzilla.suse.com/1220536
https://bugzilla.suse.com/1220554
https://bugzilla.suse.com/1220556
https://bugzilla.suse.com/1220560
https://bugzilla.suse.com/1220561
https://bugzilla.suse.com/1220566
https://bugzilla.suse.com/1220575
https://bugzilla.suse.com/1220580
https://bugzilla.suse.com/1220583
https://bugzilla.suse.com/1220611
https://bugzilla.suse.com/1220615
https://bugzilla.suse.com/1220625
https://bugzilla.suse.com/1220631
https://bugzilla.suse.com/1220638
https://bugzilla.suse.com/1220640
https://bugzilla.suse.com/1220641
https://bugzilla.suse.com/1220662
https://bugzilla.suse.com/1220669
https://bugzilla.suse.com/1220687
https://bugzilla.suse.com/1220692
https://bugzilla.suse.com/1220697
https://bugzilla.suse.com/1220703
https://bugzilla.suse.com/1220706
https://bugzilla.suse.com/1220739
https://bugzilla.suse.com/1220743
https://bugzilla.suse.com/1220745
https://bugzilla.suse.com/1220749
https://bugzilla.suse.com/1220751
https://bugzilla.suse.com/1220764
https://bugzilla.suse.com/1220768
https://bugzilla.suse.com/1220769
https://bugzilla.suse.com/1220777
https://bugzilla.suse.com/1220779
https://bugzilla.suse.com/1220785
https://bugzilla.suse.com/1220790
https://bugzilla.suse.com/1220794
https://bugzilla.suse.com/1220826
https://bugzilla.suse.com/1220829
https://bugzilla.suse.com/1220836
https://bugzilla.suse.com/1220846
https://bugzilla.suse.com/1220850
https://bugzilla.suse.com/1220861
https://bugzilla.suse.com/1220871
https://bugzilla.suse.com/1220883
https://bugzilla.suse.com/1220946
https://bugzilla.suse.com/1220969
https://bugzilla.suse.com/1221044
https://bugzilla.suse.com/1221058
https://bugzilla.suse.com/1221061
https://bugzilla.suse.com/1221077
https://bugzilla.suse.com/1221088
https://bugzilla.suse.com/1221293
https://bugzilla.suse.com/1221532
https://bugzilla.suse.com/1221534
https://bugzilla.suse.com/1221541
https://bugzilla.suse.com/1221548
https://bugzilla.suse.com/1221575
https://bugzilla.suse.com/1221605
https://bugzilla.suse.com/1221606
https://bugzilla.suse.com/1221608
https://bugzilla.suse.com/1221830
https://bugzilla.suse.com/1221934
https://bugzilla.suse.com/1221935
https://bugzilla.suse.com/1221949
https://bugzilla.suse.com/1221952
https://bugzilla.suse.com/1221965
https://bugzilla.suse.com/1221966
https://bugzilla.suse.com/1221969
https://bugzilla.suse.com/1221989
https://bugzilla.suse.com/1221991
https://bugzilla.suse.com/1221992
https://bugzilla.suse.com/1221993
https://bugzilla.suse.com/1221994
https://bugzilla.suse.com/1221997
https://bugzilla.suse.com/1221998
https://bugzilla.suse.com/1221999
https://bugzilla.suse.com/1222000
https://bugzilla.suse.com/1222001
https://bugzilla.suse.com/1222002
https://bugzilla.suse.com/1222004
https://bugzilla.suse.com/1222117
https://bugzilla.suse.com/1222422
https://bugzilla.suse.com/1222585
https://bugzilla.suse.com/1222619
https://bugzilla.suse.com/1222660
https://bugzilla.suse.com/1222664
https://bugzilla.suse.com/1222669
https://bugzilla.suse.com/1222706
https://lists.suse.com/pipermail/sle-updates/2024-April/035109.html
https://www.suse.com/security/cve/CVE-2020-36780
https://www.suse.com/security/cve/CVE-2020-36782
https://www.suse.com/security/cve/CVE-2020-36783
https://www.suse.com/security/cve/CVE-2021-23134
https://www.suse.com/security/cve/CVE-2021-46909
https://www.suse.com/security/cve/CVE-2021-46921
https://www.suse.com/security/cve/CVE-2021-46930
https://www.suse.com/security/cve/CVE-2021-46938
https://www.suse.com/security/cve/CVE-2021-46939
https://www.suse.com/security/cve/CVE-2021-46943
https://www.suse.com/security/cve/CVE-2021-46944
https://www.suse.com/security/cve/CVE-2021-46950
https://www.suse.com/security/cve/CVE-2021-46951
https://www.suse.com/security/cve/CVE-2021-46958
https://www.suse.com/security/cve/CVE-2021-46960
https://www.suse.com/security/cve/CVE-2021-46961
https://www.suse.com/security/cve/CVE-2021-46962
https://www.suse.com/security/cve/CVE-2021-46963
https://www.suse.com/security/cve/CVE-2021-46971
https://www.suse.com/security/cve/CVE-2021-46981
https://www.suse.com/security/cve/CVE-2021-46984
https://www.suse.com/security/cve/CVE-2021-46988
https://www.suse.com/security/cve/CVE-2021-46990
https://www.suse.com/security/cve/CVE-2021-46991
https://www.suse.com/security/cve/CVE-2021-46992
https://www.suse.com/security/cve/CVE-2021-46998
https://www.suse.com/security/cve/CVE-2021-47000
https://www.suse.com/security/cve/CVE-2021-47006
https://www.suse.com/security/cve/CVE-2021-47013
https://www.suse.com/security/cve/CVE-2021-47015
https://www.suse.com/security/cve/CVE-2021-47020
https://www.suse.com/security/cve/CVE-2021-47034
https://www.suse.com/security/cve/CVE-2021-47045
https://www.suse.com/security/cve/CVE-2021-47049
https://www.suse.com/security/cve/CVE-2021-47051
https://www.suse.com/security/cve/CVE-2021-47055
https://www.suse.com/security/cve/CVE-2021-47056
https://www.suse.com/security/cve/CVE-2021-47058
https://www.suse.com/security/cve/CVE-2021-47061
https://www.suse.com/security/cve/CVE-2021-47063
https://www.suse.com/security/cve/CVE-2021-47065
https://www.suse.com/security/cve/CVE-2021-47068
https://www.suse.com/security/cve/CVE-2021-47069
https://www.suse.com/security/cve/CVE-2021-47070
https://www.suse.com/security/cve/CVE-2021-47071
https://www.suse.com/security/cve/CVE-2021-47073
https://www.suse.com/security/cve/CVE-2021-47077
https://www.suse.com/security/cve/CVE-2021-47082
https://www.suse.com/security/cve/CVE-2021-47109
https://www.suse.com/security/cve/CVE-2021-47110
https://www.suse.com/security/cve/CVE-2021-47112
https://www.suse.com/security/cve/CVE-2021-47114
https://www.suse.com/security/cve/CVE-2021-47117
https://www.suse.com/security/cve/CVE-2021-47118
https://www.suse.com/security/cve/CVE-2021-47119
https://www.suse.com/security/cve/CVE-2021-47120
https://www.suse.com/security/cve/CVE-2021-47138
https://www.suse.com/security/cve/CVE-2021-47139
https://www.suse.com/security/cve/CVE-2021-47141
https://www.suse.com/security/cve/CVE-2021-47142
https://www.suse.com/security/cve/CVE-2021-47144
https://www.suse.com/security/cve/CVE-2021-47153
https://www.suse.com/security/cve/CVE-2021-47161
https://www.suse.com/security/cve/CVE-2021-47165
https://www.suse.com/security/cve/CVE-2021-47166
https://www.suse.com/security/cve/CVE-2021-47167
https://www.suse.com/security/cve/CVE-2021-47168
https://www.suse.com/security/cve/CVE-2021-47169
https://www.suse.com/security/cve/CVE-2021-47170
https://www.suse.com/security/cve/CVE-2021-47171
https://www.suse.com/security/cve/CVE-2021-47172
https://www.suse.com/security/cve/CVE-2021-47173
https://www.suse.com/security/cve/CVE-2021-47177
https://www.suse.com/security/cve/CVE-2021-47179
https://www.suse.com/security/cve/CVE-2021-47180
https://www.suse.com/security/cve/CVE-2021-47181
https://www.suse.com/security/cve/CVE-2021-47183
https://www.suse.com/security/cve/CVE-2021-47185
https://www.suse.com/security/cve/CVE-2021-47189
https://www.suse.com/security/cve/CVE-2022-0487
https://www.suse.com/security/cve/CVE-2022-4744
https://www.suse.com/security/cve/CVE-2023-7042
https://www.suse.com/security/cve/CVE-2023-7192
https://www.suse.com/security/cve/CVE-2024-22099
https://www.suse.com/security/cve/CVE-2024-26600
https://www.suse.com/security/cve/CVE-2024-26614
https://www.suse.com/security/cve/CVE-2024-26642
Plugin Details
Severity: High
ID: 194454
File Name: suse_SU-2024-1454-1.nasl
Version: 1.1
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 4/29/2024
Updated: 7/10/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2021-23134
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2023-52474
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_188-default, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/26/2024
Vulnerability Publication Date: 5/12/2021
Reference Information
CVE: CVE-2020-36780, CVE-2020-36782, CVE-2020-36783, CVE-2021-23134, CVE-2021-46909, CVE-2021-46921, CVE-2021-46930, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46958, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46981, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47006, CVE-2021-47013, CVE-2021-47015, CVE-2021-47020, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47061, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47069, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47153, CVE-2021-47161, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-0487, CVE-2022-4744, CVE-2022-48626, CVE-2023-0160, CVE-2023-1192, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52500, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733
SuSE: SUSE-SU-2024:1454-1