SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)

high Nessus Plugin ID 194454

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory.

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2020-36780: Fixed a reference leak when pm_runtime_get_sync fails in i2c (bsc#1220556).
- CVE-2020-36782: Fixed a reference leak when pm_runtime_get_sync fails in i2c imx-lpi2c (bsc#1220560).
- CVE-2020-36783: Fixed a reference leak when pm_runtime_get_sync fails in i2c img-scb (bsc#1220561).
- CVE-2021-23134: Fixed a use-after-free issue in nfc sockets (bsc#1186060).
- CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442).
- CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468).
- CVE-2021-46930: Fixed a list_head check warning caused by uninitialization of list_head in usb mtu3 (bsc#1220484).
- CVE-2021-46938: Fixed a double free of blk_mq_tag_set in dev remove after table load fails in dm rq (bsc#1220554).
- CVE-2021-46939: Fixed a denial of service in trace_clock_global() in tracing (bsc#1220580).
- CVE-2021-46943: Fixed an oops in set_fmt error handling in media: staging/intel-ipu3 (bsc#1220583).
- CVE-2021-46944: Fixed a memory leak in imu_fmt in media staging/intel-ipu3 (bsc#1220566).
- CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662).
- CVE-2021-46951: Fixed an integer underflow of efi_tpm_final_log_size in tpm_read_log_efi in tpm efi (bsc#1220615).
- CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs (bsc#1220521).
- CVE-2021-46960: Fixed a warning on smb2_get_enc_key in cifs (bsc#1220528).
- CVE-2021-46961: Fixed an error on not enabling irqs when handling spurious interrups in irqchip/gic-v3 (bsc#1220529).
- CVE-2021-46962: Fixed a resource leak in the remove function in mmc uniphier-sd (bsc#1220532).
- CVE-2021-46963: Fixed a denial of service in qla2xxx_mqueuecommand() in scsi qla2xxx (bsc#1220536)
- CVE-2021-46971: Fixed unconditional security_locked_down() call in perf/core (bsc#1220697).
- CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611).
- CVE-2021-46984: Fixed an out of bounds access in kyber_bio_merge() in kyber (bsc#1220631).
- CVE-2021-46988: Fixed release page in error path to avoid BUG_ON in userfaultfd (bsc#1220706).
- CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s (bsc#1220743).
- CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc#1220575).
- CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc#1220638).
- CVE-2021-46998: Fixed an use after free bug in enic_hard_start_xmit in ethernet/enic (bsc#1220625).
- CVE-2021-47000: Fixed an inode leak on getattr error in __fh_to_dentry in ceph (bsc#1220669).
- CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
- CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
- CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxt_rx_pkt() in bnxt_en (bsc#1220794).
- CVE-2021-47020: Fixed a memory leak in stream config error path in soundwire stream (bsc#1220785).
- CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687).
- CVE-2021-47045: Fixed a null pointer dereference in lpfc_prep_els_iocb() in scsi lpfc (bsc#1220640).
- CVE-2021-47049: Fixed an after free in __vmbus_open() in hv vmbus (bsc#1220692).
- CVE-2021-47051: Fixed a PM reference leak in lpspi_prepare_xfer_hardware() in spi fsl-lpspi (bsc#1220764).
- CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
- CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769).
- CVE-2021-47058: Fixed a possible user-after-free in set debugfs_name in regmap (bsc#1220779).
- CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745).
- CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777).
- CVE-2021-47065: Fixed an array overrun in rtw_get_tx_power_params() in rtw88 (bsc#1220749).
- CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
- CVE-2021-47069: Fixed a crash due to relying on a stack reference past its expiry in ipc/mqueue, ipc/msg, ipc/sem (bsc#1220826).
- CVE-2021-47070: Fixed a memory leak in error handling paths on memory allocated by vmbus_alloc_ring in uio_hv_generic (bsc#1220829).
- CVE-2021-47071: Fixed a memory leak in error handling paths in hv_uio_cleanup() in uio_hv_generic (bsc#1220846).
- CVE-2021-47073: Fixed a oops on rmmod dell_smbios exit_dell_smbios_wmi() in platform/x86 dell-smbios-wmi (bsc#1220850).
- CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861).
- CVE-2021-47082: Fixed a double free in tun_free_netdev in tun (bsc#1220969).
- CVE-2021-47109: Fixed an overflow in neighbour table in neighbour (bsc#1221534).
- CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221532).
- CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221541).
- CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548).
- CVE-2021-47117: Fixed a crash in ext4_es_cache_extent as ext4_split_extent_at failed in ext4 (bsc#1221575).
- CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605).
- CVE-2021-47119: Fixed a memory leak in ext4_fill_super in ext4 (bsc#1221608).
- CVE-2021-47120: Fixed a NULL pointer dereference on disconnect in HID magicmouse (bsc#1221606).
- CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934).
- CVE-2021-47139: Fixed a race condition that lead to oops in netdevice registration in net hns3 (bsc#1221935).
- CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve (bsc#1221949).
- CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952).
- CVE-2021-47144: Fixed a refcount leak in amdgpufb_create in drm/amd/amdgpu (bsc#1221989).
- CVE-2021-47153: Fixed an out-of-range memory access during bus reset in the case of a block transaction in i2c/i801 (bsc#1221969).
- CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe function in spi spi-fsl-dspi (bsc#1221966).
- CVE-2021-47165: Fixed a NULL pointer dereference when component was not probed during shutdown in drm/mesonhe (bsc#1221965).
- CVE-2021-47166: Fixed a data corruption of pg_bytes_written in nfs_do_recoalesce() in nfs (bsc#1221998).
- CVE-2021-47167: Fixed an oopsable condition in __nfs_pageio_add_request() in nfs (bsc#1221991).
- CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() in nfs (bsc#1222002).
- CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000).
- CVE-2021-47170: Fixed a WARN about excessively large memory allocations in usb usbfs (bsc#1222004).
- CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994).
- CVE-2021-47172: Fixed a potential overflow due to non sequential channel numbers in adc/ad7124 (bsc#1221992).
- CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993).
- CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997).
- CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() in nfsv4 (bsc#1222001).
- CVE-2021-47180: Fixed a memory leak in nci_allocate_device nfcmrvl_disconnect in nfc nci (bsc#1221999).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2022-0487: Fixed an use-after-free vulnerability in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-4744: Fixed a double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2022-48626: Fixed a potential use-after-free on remove path in moxart (bsc#1220366).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length in nvmet-tcp (bsc#1220320).
- CVE-2023-52469: Fixed an use-after-free in kv_parse_power_table in drivers/amd/pm (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a data corruption in user SDMA requests in IB/hfi1 (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52500: Fixed leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command in scsi in pm80xx (bsc#1220883).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52572: Fixed UAF in cifs_demultiplex_thread() in cifs (bsc#1220946).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52607: Fixed null-pointer dereference in pgtable_cache_add kasprintf() in powerpc/mm (bsc#1221061).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races (bsc#1218447).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in net (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-22099: Fixed a null pointer dereference in /net/bluetooth/rfcomm/core.C in bluetooth (bsc#1219170).
- CVE-2024-26600: Fixed null pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1220706

https://bugzilla.suse.com/1220739

https://bugzilla.suse.com/1220743

https://bugzilla.suse.com/1220745

https://bugzilla.suse.com/1220749

https://bugzilla.suse.com/1220751

https://bugzilla.suse.com/1220764

https://bugzilla.suse.com/1220768

https://bugzilla.suse.com/1220769

https://bugzilla.suse.com/1220777

https://bugzilla.suse.com/1220779

https://bugzilla.suse.com/1220785

https://bugzilla.suse.com/1220790

https://bugzilla.suse.com/1220794

https://bugzilla.suse.com/1220826

https://bugzilla.suse.com/1220829

https://bugzilla.suse.com/1220836

https://bugzilla.suse.com/1220846

https://bugzilla.suse.com/1220850

https://bugzilla.suse.com/1220861

https://bugzilla.suse.com/1220871

https://bugzilla.suse.com/1220883

https://bugzilla.suse.com/1220946

https://bugzilla.suse.com/1220969

https://bugzilla.suse.com/1221044

https://bugzilla.suse.com/1221058

https://bugzilla.suse.com/1221061

https://bugzilla.suse.com/1221077

https://www.suse.com/security/cve/CVE-2021-46990

https://www.suse.com/security/cve/CVE-2021-46991

https://www.suse.com/security/cve/CVE-2021-46992

https://www.suse.com/security/cve/CVE-2021-46998

https://www.suse.com/security/cve/CVE-2021-47000

https://www.suse.com/security/cve/CVE-2021-47006

https://www.suse.com/security/cve/CVE-2021-47013

https://www.suse.com/security/cve/CVE-2021-47015

https://www.suse.com/security/cve/CVE-2021-47020

https://www.suse.com/security/cve/CVE-2021-47034

https://www.suse.com/security/cve/CVE-2021-47045

https://www.suse.com/security/cve/CVE-2021-47049

https://www.suse.com/security/cve/CVE-2021-47051

https://www.suse.com/security/cve/CVE-2021-47055

https://www.suse.com/security/cve/CVE-2021-47056

https://www.suse.com/security/cve/CVE-2021-47058

https://www.suse.com/security/cve/CVE-2021-47061

https://www.suse.com/security/cve/CVE-2021-47063

https://www.suse.com/security/cve/CVE-2021-47065

https://www.suse.com/security/cve/CVE-2021-47068

https://www.suse.com/security/cve/CVE-2021-47069

https://www.suse.com/security/cve/CVE-2021-47070

https://www.suse.com/security/cve/CVE-2021-47071

https://www.suse.com/security/cve/CVE-2021-47073

https://www.suse.com/security/cve/CVE-2021-47077

https://www.suse.com/security/cve/CVE-2021-47082

https://www.suse.com/security/cve/CVE-2021-47109

https://www.suse.com/security/cve/CVE-2021-47110

https://www.suse.com/security/cve/CVE-2021-47112

https://www.suse.com/security/cve/CVE-2021-47114

https://www.suse.com/security/cve/CVE-2021-47117

https://www.suse.com/security/cve/CVE-2021-47118

https://www.suse.com/security/cve/CVE-2021-47119

https://www.suse.com/security/cve/CVE-2021-47120

https://www.suse.com/security/cve/CVE-2021-47138

https://www.suse.com/security/cve/CVE-2021-47139

https://www.suse.com/security/cve/CVE-2021-47141

https://www.suse.com/security/cve/CVE-2021-47142

https://www.suse.com/security/cve/CVE-2021-47144

https://www.suse.com/security/cve/CVE-2021-47153

https://www.suse.com/security/cve/CVE-2021-47161

https://www.suse.com/security/cve/CVE-2021-47165

https://www.suse.com/security/cve/CVE-2021-47166

https://www.suse.com/security/cve/CVE-2021-47167

https://www.suse.com/security/cve/CVE-2021-47168

https://www.suse.com/security/cve/CVE-2021-47169

https://www.suse.com/security/cve/CVE-2021-47170

https://www.suse.com/security/cve/CVE-2021-47171

https://www.suse.com/security/cve/CVE-2021-47172

https://www.suse.com/security/cve/CVE-2021-47173

https://www.suse.com/security/cve/CVE-2021-47177

https://www.suse.com/security/cve/CVE-2021-47179

https://www.suse.com/security/cve/CVE-2021-47180

https://www.suse.com/security/cve/CVE-2021-47181

https://www.suse.com/security/cve/CVE-2021-47183

https://www.suse.com/security/cve/CVE-2021-47185

https://www.suse.com/security/cve/CVE-2021-47189

https://www.suse.com/security/cve/CVE-2022-0487

https://www.suse.com/security/cve/CVE-2022-4744

https://www.suse.com/security/cve/CVE-2022-48626

https://www.suse.com/security/cve/CVE-2023-0160

https://www.suse.com/security/cve/CVE-2023-1192

https://www.suse.com/security/cve/CVE-2023-28746

https://bugzilla.suse.com/1186060

https://bugzilla.suse.com/1192145

https://bugzilla.suse.com/1194516

https://bugzilla.suse.com/1208995

https://bugzilla.suse.com/1209635

https://bugzilla.suse.com/1209657

https://bugzilla.suse.com/1212514

https://bugzilla.suse.com/1213456

https://bugzilla.suse.com/1217987

https://bugzilla.suse.com/1217988

https://bugzilla.suse.com/1217989

https://bugzilla.suse.com/1218336

https://bugzilla.suse.com/1218447

https://bugzilla.suse.com/1218479

https://bugzilla.suse.com/1218562

https://bugzilla.suse.com/1219170

https://bugzilla.suse.com/1219264

https://bugzilla.suse.com/1220320

https://bugzilla.suse.com/1220340

https://bugzilla.suse.com/1220366

https://bugzilla.suse.com/1220411

https://bugzilla.suse.com/1220413

https://bugzilla.suse.com/1220442

https://bugzilla.suse.com/1220445

https://bugzilla.suse.com/1220468

https://bugzilla.suse.com/1220484

https://bugzilla.suse.com/1220521

https://bugzilla.suse.com/1220528

https://bugzilla.suse.com/1220529

https://bugzilla.suse.com/1220532

https://bugzilla.suse.com/1220536

https://bugzilla.suse.com/1220554

https://bugzilla.suse.com/1220556

https://bugzilla.suse.com/1220560

https://bugzilla.suse.com/1220561

https://bugzilla.suse.com/1220566

https://bugzilla.suse.com/1220575

https://bugzilla.suse.com/1220580

https://bugzilla.suse.com/1220583

https://bugzilla.suse.com/1220611

https://bugzilla.suse.com/1220615

https://bugzilla.suse.com/1220625

https://bugzilla.suse.com/1220631

https://bugzilla.suse.com/1220638

https://bugzilla.suse.com/1220640

https://bugzilla.suse.com/1220641

https://bugzilla.suse.com/1220662

https://bugzilla.suse.com/1220669

https://bugzilla.suse.com/1220687

https://bugzilla.suse.com/1220692

https://bugzilla.suse.com/1220697

https://bugzilla.suse.com/1220703

https://bugzilla.suse.com/1221088

https://bugzilla.suse.com/1221293

https://bugzilla.suse.com/1221532

https://bugzilla.suse.com/1221534

https://bugzilla.suse.com/1221541

https://bugzilla.suse.com/1221548

https://bugzilla.suse.com/1221575

https://bugzilla.suse.com/1221605

https://bugzilla.suse.com/1221606

https://bugzilla.suse.com/1221608

https://bugzilla.suse.com/1221830

https://bugzilla.suse.com/1221934

https://bugzilla.suse.com/1221935

https://bugzilla.suse.com/1221949

https://bugzilla.suse.com/1221952

https://bugzilla.suse.com/1221965

https://bugzilla.suse.com/1221966

https://bugzilla.suse.com/1221969

https://bugzilla.suse.com/1221989

https://bugzilla.suse.com/1221991

https://bugzilla.suse.com/1221992

https://bugzilla.suse.com/1221993

https://bugzilla.suse.com/1221994

https://bugzilla.suse.com/1221997

https://bugzilla.suse.com/1221998

https://bugzilla.suse.com/1221999

https://bugzilla.suse.com/1222000

https://bugzilla.suse.com/1222001

https://bugzilla.suse.com/1222002

https://bugzilla.suse.com/1222004

https://bugzilla.suse.com/1222117

https://bugzilla.suse.com/1222422

https://bugzilla.suse.com/1222585

https://bugzilla.suse.com/1222619

https://bugzilla.suse.com/1222660

https://bugzilla.suse.com/1222664

https://bugzilla.suse.com/1222669

https://bugzilla.suse.com/1222706

https://lists.suse.com/pipermail/sle-updates/2024-April/035109.html

https://www.suse.com/security/cve/CVE-2020-36780

https://www.suse.com/security/cve/CVE-2020-36782

https://www.suse.com/security/cve/CVE-2020-36783

https://www.suse.com/security/cve/CVE-2021-23134

https://www.suse.com/security/cve/CVE-2021-46909

https://www.suse.com/security/cve/CVE-2021-46921

https://www.suse.com/security/cve/CVE-2021-46930

https://www.suse.com/security/cve/CVE-2021-46938

https://www.suse.com/security/cve/CVE-2021-46939

https://www.suse.com/security/cve/CVE-2021-46943

https://www.suse.com/security/cve/CVE-2021-46944

https://www.suse.com/security/cve/CVE-2021-46950

https://www.suse.com/security/cve/CVE-2021-46951

https://www.suse.com/security/cve/CVE-2021-46958

https://www.suse.com/security/cve/CVE-2021-46960

https://www.suse.com/security/cve/CVE-2021-46961

https://www.suse.com/security/cve/CVE-2021-46962

https://www.suse.com/security/cve/CVE-2021-46963

https://www.suse.com/security/cve/CVE-2021-46971

https://www.suse.com/security/cve/CVE-2021-46981

https://www.suse.com/security/cve/CVE-2021-46984

https://www.suse.com/security/cve/CVE-2021-46988

https://www.suse.com/security/cve/CVE-2023-52575

https://www.suse.com/security/cve/CVE-2023-52583

https://www.suse.com/security/cve/CVE-2023-52590

https://www.suse.com/security/cve/CVE-2023-52591

https://www.suse.com/security/cve/CVE-2023-52607

https://www.suse.com/security/cve/CVE-2023-52628

https://www.suse.com/security/cve/CVE-2023-6270

https://www.suse.com/security/cve/CVE-2023-6356

https://www.suse.com/security/cve/CVE-2023-6531

https://www.suse.com/security/cve/CVE-2023-6535

https://www.suse.com/security/cve/CVE-2023-6536

https://www.suse.com/security/cve/CVE-2023-7042

https://www.suse.com/security/cve/CVE-2023-7192

https://www.suse.com/security/cve/CVE-2023-35827

https://www.suse.com/security/cve/CVE-2023-52454

https://www.suse.com/security/cve/CVE-2023-52469

https://www.suse.com/security/cve/CVE-2023-52470

https://www.suse.com/security/cve/CVE-2023-52474

https://www.suse.com/security/cve/CVE-2023-52476

https://www.suse.com/security/cve/CVE-2023-52477

https://www.suse.com/security/cve/CVE-2023-52500

https://www.suse.com/security/cve/CVE-2023-52509

https://www.suse.com/security/cve/CVE-2023-52572

https://www.suse.com/security/cve/CVE-2024-22099

https://www.suse.com/security/cve/CVE-2024-26600

https://www.suse.com/security/cve/CVE-2024-26614

https://www.suse.com/security/cve/CVE-2024-26642

https://www.suse.com/security/cve/CVE-2024-26704

https://www.suse.com/security/cve/CVE-2024-26733

Plugin Details

Severity: High

ID: 194454

File Name: suse_SU-2024-1454-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 4/29/2024

Updated: 12/13/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-23134

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-52572

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-preempt-devel, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_188-default, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-preempt, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/26/2024

Vulnerability Publication Date: 5/12/2021

Reference Information

CVE: CVE-2020-36780, CVE-2020-36782, CVE-2020-36783, CVE-2021-23134, CVE-2021-46909, CVE-2021-46921, CVE-2021-46930, CVE-2021-46938, CVE-2021-46939, CVE-2021-46943, CVE-2021-46944, CVE-2021-46950, CVE-2021-46951, CVE-2021-46958, CVE-2021-46960, CVE-2021-46961, CVE-2021-46962, CVE-2021-46963, CVE-2021-46971, CVE-2021-46981, CVE-2021-46984, CVE-2021-46988, CVE-2021-46990, CVE-2021-46991, CVE-2021-46992, CVE-2021-46998, CVE-2021-47000, CVE-2021-47006, CVE-2021-47013, CVE-2021-47015, CVE-2021-47020, CVE-2021-47034, CVE-2021-47045, CVE-2021-47049, CVE-2021-47051, CVE-2021-47055, CVE-2021-47056, CVE-2021-47058, CVE-2021-47061, CVE-2021-47063, CVE-2021-47065, CVE-2021-47068, CVE-2021-47069, CVE-2021-47070, CVE-2021-47071, CVE-2021-47073, CVE-2021-47077, CVE-2021-47082, CVE-2021-47109, CVE-2021-47110, CVE-2021-47112, CVE-2021-47114, CVE-2021-47117, CVE-2021-47118, CVE-2021-47119, CVE-2021-47120, CVE-2021-47138, CVE-2021-47139, CVE-2021-47141, CVE-2021-47142, CVE-2021-47144, CVE-2021-47153, CVE-2021-47161, CVE-2021-47165, CVE-2021-47166, CVE-2021-47167, CVE-2021-47168, CVE-2021-47169, CVE-2021-47170, CVE-2021-47171, CVE-2021-47172, CVE-2021-47173, CVE-2021-47177, CVE-2021-47179, CVE-2021-47180, CVE-2021-47181, CVE-2021-47183, CVE-2021-47185, CVE-2021-47189, CVE-2022-0487, CVE-2022-4744, CVE-2022-48626, CVE-2023-0160, CVE-2023-1192, CVE-2023-28746, CVE-2023-35827, CVE-2023-52454, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52500, CVE-2023-52509, CVE-2023-52572, CVE-2023-52575, CVE-2023-52583, CVE-2023-52590, CVE-2023-52591, CVE-2023-52607, CVE-2023-52628, CVE-2023-6270, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-22099, CVE-2024-26600, CVE-2024-26614, CVE-2024-26642, CVE-2024-26704, CVE-2024-26733

SuSE: SUSE-SU-2024:1454-1