SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1480-1)

high Nessus Plugin ID 194886

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1480-1 advisory.

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function
__dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
- CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).
- CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
- CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062).
- CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
- CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068).
- CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070).
- CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066).
- CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375).
- CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616).
- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
- CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613).
- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274).
- CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291).
- CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-25743: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298).
- CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
- CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056).
- CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070).
- CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337).
- CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).
- CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355).
- CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
- CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356).
- CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
- CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1194869

https://bugzilla.suse.com/1200465

https://bugzilla.suse.com/1205316

https://bugzilla.suse.com/1207948

https://bugzilla.suse.com/1209635

https://bugzilla.suse.com/1209657

https://bugzilla.suse.com/1212514

https://bugzilla.suse.com/1213456

https://bugzilla.suse.com/1214852

https://bugzilla.suse.com/1215221

https://bugzilla.suse.com/1215322

https://bugzilla.suse.com/1217339

https://bugzilla.suse.com/1217829

https://bugzilla.suse.com/1217959

https://bugzilla.suse.com/1217987

https://bugzilla.suse.com/1217988

https://bugzilla.suse.com/1217989

https://bugzilla.suse.com/1218321

https://bugzilla.suse.com/1218336

https://bugzilla.suse.com/1218479

https://bugzilla.suse.com/1218562

https://bugzilla.suse.com/1218643

https://bugzilla.suse.com/1218777

https://bugzilla.suse.com/1219169

https://bugzilla.suse.com/1219170

https://bugzilla.suse.com/1219264

https://bugzilla.suse.com/1219443

https://bugzilla.suse.com/1219834

https://bugzilla.suse.com/1220114

https://bugzilla.suse.com/1220176

https://bugzilla.suse.com/1220237

https://bugzilla.suse.com/1220251

https://bugzilla.suse.com/1220320

https://bugzilla.suse.com/1220325

https://bugzilla.suse.com/1220328

https://bugzilla.suse.com/1220337

https://bugzilla.suse.com/1220340

https://bugzilla.suse.com/1220365

https://bugzilla.suse.com/1220366

https://bugzilla.suse.com/1220393

https://bugzilla.suse.com/1220398

https://bugzilla.suse.com/1220411

https://bugzilla.suse.com/1220413

https://bugzilla.suse.com/1220433

https://bugzilla.suse.com/1220439

https://bugzilla.suse.com/1220443

https://bugzilla.suse.com/1220445

https://bugzilla.suse.com/1220466

https://bugzilla.suse.com/1220469

https://bugzilla.suse.com/1220478

https://bugzilla.suse.com/1220482

https://bugzilla.suse.com/1220484

https://bugzilla.suse.com/1220486

https://bugzilla.suse.com/1220487

https://bugzilla.suse.com/1220492

https://bugzilla.suse.com/1220703

https://bugzilla.suse.com/1220735

https://bugzilla.suse.com/1220736

https://bugzilla.suse.com/1220775

https://bugzilla.suse.com/1220790

https://bugzilla.suse.com/1220797

https://bugzilla.suse.com/1220831

https://bugzilla.suse.com/1220833

https://bugzilla.suse.com/1220836

https://bugzilla.suse.com/1220839

https://bugzilla.suse.com/1220840

https://bugzilla.suse.com/1220843

https://bugzilla.suse.com/1220845

https://bugzilla.suse.com/1220848

https://bugzilla.suse.com/1220870

https://bugzilla.suse.com/1220871

https://bugzilla.suse.com/1220872

https://bugzilla.suse.com/1220878

https://bugzilla.suse.com/1220879

https://bugzilla.suse.com/1220883

https://bugzilla.suse.com/1220885

https://bugzilla.suse.com/1220887

https://bugzilla.suse.com/1220898

https://bugzilla.suse.com/1220917

https://bugzilla.suse.com/1220918

https://bugzilla.suse.com/1220920

https://bugzilla.suse.com/1220921

https://bugzilla.suse.com/1220926

https://bugzilla.suse.com/1220927

https://bugzilla.suse.com/1220929

https://bugzilla.suse.com/1220930

https://bugzilla.suse.com/1220931

https://bugzilla.suse.com/1220932

https://bugzilla.suse.com/1220933

https://bugzilla.suse.com/1220937

https://bugzilla.suse.com/1220938

https://bugzilla.suse.com/1220940

https://bugzilla.suse.com/1220954

https://bugzilla.suse.com/1220955

https://bugzilla.suse.com/1220959

https://bugzilla.suse.com/1220960

https://bugzilla.suse.com/1220961

https://bugzilla.suse.com/1220965

https://bugzilla.suse.com/1220969

https://bugzilla.suse.com/1220978

https://bugzilla.suse.com/1220979

https://bugzilla.suse.com/1220981

https://bugzilla.suse.com/1220982

https://bugzilla.suse.com/1220983

https://bugzilla.suse.com/1220985

https://bugzilla.suse.com/1220986

https://bugzilla.suse.com/1220987

https://bugzilla.suse.com/1220989

https://bugzilla.suse.com/1220990

https://bugzilla.suse.com/1221009

https://bugzilla.suse.com/1221012

https://bugzilla.suse.com/1221015

https://bugzilla.suse.com/1221022

https://bugzilla.suse.com/1221039

https://bugzilla.suse.com/1221040

https://bugzilla.suse.com/1221044

https://bugzilla.suse.com/1221045

https://bugzilla.suse.com/1221046

https://bugzilla.suse.com/1221048

https://bugzilla.suse.com/1221055

https://bugzilla.suse.com/1221056

https://bugzilla.suse.com/1221058

https://bugzilla.suse.com/1221060

https://bugzilla.suse.com/1221061

https://bugzilla.suse.com/1221062

https://bugzilla.suse.com/1221066

https://bugzilla.suse.com/1221067

https://bugzilla.suse.com/1221068

https://bugzilla.suse.com/1221069

https://bugzilla.suse.com/1221070

https://bugzilla.suse.com/1221071

https://bugzilla.suse.com/1221077

https://bugzilla.suse.com/1221082

https://bugzilla.suse.com/1221090

https://bugzilla.suse.com/1221097

https://bugzilla.suse.com/1221156

https://bugzilla.suse.com/1221252

https://bugzilla.suse.com/1221273

https://bugzilla.suse.com/1221274

https://bugzilla.suse.com/1221276

https://bugzilla.suse.com/1221277

https://bugzilla.suse.com/1221291

https://bugzilla.suse.com/1221293

https://bugzilla.suse.com/1221298

https://bugzilla.suse.com/1221337

https://bugzilla.suse.com/1221338

https://bugzilla.suse.com/1221375

https://bugzilla.suse.com/1221379

https://bugzilla.suse.com/1221551

https://bugzilla.suse.com/1221553

https://bugzilla.suse.com/1221613

https://bugzilla.suse.com/1221614

https://bugzilla.suse.com/1221616

https://bugzilla.suse.com/1221618

https://bugzilla.suse.com/1221631

https://bugzilla.suse.com/1221633

https://bugzilla.suse.com/1221713

https://bugzilla.suse.com/1221725

https://bugzilla.suse.com/1221777

https://bugzilla.suse.com/1221814

https://bugzilla.suse.com/1221816

https://bugzilla.suse.com/1221830

https://bugzilla.suse.com/1221951

https://bugzilla.suse.com/1222033

https://bugzilla.suse.com/1222056

https://bugzilla.suse.com/1222060

https://bugzilla.suse.com/1222070

https://bugzilla.suse.com/1222073

https://bugzilla.suse.com/1222117

https://bugzilla.suse.com/1222274

https://bugzilla.suse.com/1222291

https://bugzilla.suse.com/1222300

https://bugzilla.suse.com/1222304

https://bugzilla.suse.com/1222317

https://bugzilla.suse.com/1222331

https://bugzilla.suse.com/1222355

https://bugzilla.suse.com/1222356

https://bugzilla.suse.com/1222360

https://bugzilla.suse.com/1222366

https://bugzilla.suse.com/1222373

https://bugzilla.suse.com/1222619

https://bugzilla.suse.com/1222952

https://lists.suse.com/pipermail/sle-updates/2024-April/035134.html

https://www.suse.com/security/cve/CVE-2021-46925

https://www.suse.com/security/cve/CVE-2021-46926

https://www.suse.com/security/cve/CVE-2021-46927

https://www.suse.com/security/cve/CVE-2021-46929

https://www.suse.com/security/cve/CVE-2021-46930

https://www.suse.com/security/cve/CVE-2021-46931

https://www.suse.com/security/cve/CVE-2021-46933

https://www.suse.com/security/cve/CVE-2021-46934

https://www.suse.com/security/cve/CVE-2021-46936

https://www.suse.com/security/cve/CVE-2021-47082

https://www.suse.com/security/cve/CVE-2021-47083

https://www.suse.com/security/cve/CVE-2021-47087

https://www.suse.com/security/cve/CVE-2021-47091

https://www.suse.com/security/cve/CVE-2021-47093

https://www.suse.com/security/cve/CVE-2021-47094

https://www.suse.com/security/cve/CVE-2021-47095

https://www.suse.com/security/cve/CVE-2021-47096

https://www.suse.com/security/cve/CVE-2021-47097

https://www.suse.com/security/cve/CVE-2021-47098

https://www.suse.com/security/cve/CVE-2021-47099

https://www.suse.com/security/cve/CVE-2021-47100

https://www.suse.com/security/cve/CVE-2021-47101

https://www.suse.com/security/cve/CVE-2021-47102

https://www.suse.com/security/cve/CVE-2021-47104

https://www.suse.com/security/cve/CVE-2021-47105

https://www.suse.com/security/cve/CVE-2021-47107

https://www.suse.com/security/cve/CVE-2021-47108

https://www.suse.com/security/cve/CVE-2022-4744

https://www.suse.com/security/cve/CVE-2022-48626

https://www.suse.com/security/cve/CVE-2022-48627

https://www.suse.com/security/cve/CVE-2022-48628

https://www.suse.com/security/cve/CVE-2022-48629

https://www.suse.com/security/cve/CVE-2022-48630

https://www.suse.com/security/cve/CVE-2023-0160

https://www.suse.com/security/cve/CVE-2023-28746

https://www.suse.com/security/cve/CVE-2023-35827

https://www.suse.com/security/cve/CVE-2023-4881

https://www.suse.com/security/cve/CVE-2023-52447

https://www.suse.com/security/cve/CVE-2023-52450

https://www.suse.com/security/cve/CVE-2023-52453

https://www.suse.com/security/cve/CVE-2023-52454

https://www.suse.com/security/cve/CVE-2023-52462

https://www.suse.com/security/cve/CVE-2023-52463

https://www.suse.com/security/cve/CVE-2023-52467

https://www.suse.com/security/cve/CVE-2023-52469

https://www.suse.com/security/cve/CVE-2023-52470

https://www.suse.com/security/cve/CVE-2023-52474

https://www.suse.com/security/cve/CVE-2023-52476

https://www.suse.com/security/cve/CVE-2023-52477

https://www.suse.com/security/cve/CVE-2023-52481

https://www.suse.com/security/cve/CVE-2023-52482

https://www.suse.com/security/cve/CVE-2023-52484

https://www.suse.com/security/cve/CVE-2023-52486

https://www.suse.com/security/cve/CVE-2023-52492

https://www.suse.com/security/cve/CVE-2023-52493

https://www.suse.com/security/cve/CVE-2023-52494

https://www.suse.com/security/cve/CVE-2023-52497

https://www.suse.com/security/cve/CVE-2023-52500

https://www.suse.com/security/cve/CVE-2023-52501

https://www.suse.com/security/cve/CVE-2023-52502

https://www.suse.com/security/cve/CVE-2023-52504

https://www.suse.com/security/cve/CVE-2023-52507

https://www.suse.com/security/cve/CVE-2023-52508

https://www.suse.com/security/cve/CVE-2023-52509

https://www.suse.com/security/cve/CVE-2023-52510

https://www.suse.com/security/cve/CVE-2023-52511

https://www.suse.com/security/cve/CVE-2023-52513

https://www.suse.com/security/cve/CVE-2023-52515

https://www.suse.com/security/cve/CVE-2023-52517

https://www.suse.com/security/cve/CVE-2023-52518

https://www.suse.com/security/cve/CVE-2023-52519

https://www.suse.com/security/cve/CVE-2023-52520

https://www.suse.com/security/cve/CVE-2023-52523

https://www.suse.com/security/cve/CVE-2023-52524

https://www.suse.com/security/cve/CVE-2023-52525

https://www.suse.com/security/cve/CVE-2023-52528

https://www.suse.com/security/cve/CVE-2023-52529

https://www.suse.com/security/cve/CVE-2023-52530

https://www.suse.com/security/cve/CVE-2023-52531

https://www.suse.com/security/cve/CVE-2023-52532

https://www.suse.com/security/cve/CVE-2023-52559

https://www.suse.com/security/cve/CVE-2023-52563

https://www.suse.com/security/cve/CVE-2023-52564

https://www.suse.com/security/cve/CVE-2023-52566

https://www.suse.com/security/cve/CVE-2023-52567

https://www.suse.com/security/cve/CVE-2023-52569

https://www.suse.com/security/cve/CVE-2023-52574

https://www.suse.com/security/cve/CVE-2023-52575

https://www.suse.com/security/cve/CVE-2023-52576

https://www.suse.com/security/cve/CVE-2023-52582

https://www.suse.com/security/cve/CVE-2023-52583

https://www.suse.com/security/cve/CVE-2023-52587

https://www.suse.com/security/cve/CVE-2023-52591

https://www.suse.com/security/cve/CVE-2023-52594

https://www.suse.com/security/cve/CVE-2023-52595

https://www.suse.com/security/cve/CVE-2023-52597

https://www.suse.com/security/cve/CVE-2023-52598

https://www.suse.com/security/cve/CVE-2023-52599

https://www.suse.com/security/cve/CVE-2023-52600

https://www.suse.com/security/cve/CVE-2023-52601

https://www.suse.com/security/cve/CVE-2023-52602

https://www.suse.com/security/cve/CVE-2023-52603

https://www.suse.com/security/cve/CVE-2023-52604

https://www.suse.com/security/cve/CVE-2023-52605

https://www.suse.com/security/cve/CVE-2023-52606

https://www.suse.com/security/cve/CVE-2023-52607

https://www.suse.com/security/cve/CVE-2023-52608

https://www.suse.com/security/cve/CVE-2023-52612

https://www.suse.com/security/cve/CVE-2023-52615

https://www.suse.com/security/cve/CVE-2023-52617

https://www.suse.com/security/cve/CVE-2023-52619

https://www.suse.com/security/cve/CVE-2023-52621

https://www.suse.com/security/cve/CVE-2023-52623

https://www.suse.com/security/cve/CVE-2023-52628

https://www.suse.com/security/cve/CVE-2023-52632

https://www.suse.com/security/cve/CVE-2023-52637

https://www.suse.com/security/cve/CVE-2023-52639

https://www.suse.com/security/cve/CVE-2023-6270

https://www.suse.com/security/cve/CVE-2023-6356

https://www.suse.com/security/cve/CVE-2023-6535

https://www.suse.com/security/cve/CVE-2023-6536

https://www.suse.com/security/cve/CVE-2023-7042

https://www.suse.com/security/cve/CVE-2023-7192

https://www.suse.com/security/cve/CVE-2024-0841

https://www.suse.com/security/cve/CVE-2024-2201

https://www.suse.com/security/cve/CVE-2024-22099

https://www.suse.com/security/cve/CVE-2024-23307

https://www.suse.com/security/cve/CVE-2024-25739

https://www.suse.com/security/cve/CVE-2024-25742

https://www.suse.com/security/cve/CVE-2024-25743

https://www.suse.com/security/cve/CVE-2024-26599

https://www.suse.com/security/cve/CVE-2024-26600

https://www.suse.com/security/cve/CVE-2024-26602

https://www.suse.com/security/cve/CVE-2024-26607

https://www.suse.com/security/cve/CVE-2024-26612

https://www.suse.com/security/cve/CVE-2024-26614

https://www.suse.com/security/cve/CVE-2024-26620

https://www.suse.com/security/cve/CVE-2024-26627

https://www.suse.com/security/cve/CVE-2024-26629

https://www.suse.com/security/cve/CVE-2024-26642

https://www.suse.com/security/cve/CVE-2024-26645

https://www.suse.com/security/cve/CVE-2024-26646

https://www.suse.com/security/cve/CVE-2024-26651

https://www.suse.com/security/cve/CVE-2024-26654

https://www.suse.com/security/cve/CVE-2024-26659

https://www.suse.com/security/cve/CVE-2024-26664

https://www.suse.com/security/cve/CVE-2024-26667

https://www.suse.com/security/cve/CVE-2024-26670

https://www.suse.com/security/cve/CVE-2024-26695

https://www.suse.com/security/cve/CVE-2024-26717

Plugin Details

Severity: High

ID: 194886

File Name: suse_SU-2024-1480-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 5/1/2024

Updated: 8/28/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-26599

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150500_55_59-default, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-extra, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-64kb

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/30/2024

Vulnerability Publication Date: 1/26/2022

Reference Information

CVE: CVE-2021-46925, CVE-2021-46926, CVE-2021-46927, CVE-2021-46929, CVE-2021-46930, CVE-2021-46931, CVE-2021-46933, CVE-2021-46934, CVE-2021-46936, CVE-2021-47082, CVE-2021-47083, CVE-2021-47087, CVE-2021-47091, CVE-2021-47093, CVE-2021-47094, CVE-2021-47095, CVE-2021-47096, CVE-2021-47097, CVE-2021-47098, CVE-2021-47099, CVE-2021-47100, CVE-2021-47101, CVE-2021-47102, CVE-2021-47104, CVE-2021-47105, CVE-2021-47107, CVE-2021-47108, CVE-2022-4744, CVE-2022-48626, CVE-2022-48627, CVE-2022-48628, CVE-2022-48629, CVE-2022-48630, CVE-2023-0160, CVE-2023-28746, CVE-2023-35827, CVE-2023-4881, CVE-2023-52447, CVE-2023-52450, CVE-2023-52453, CVE-2023-52454, CVE-2023-52462, CVE-2023-52463, CVE-2023-52467, CVE-2023-52469, CVE-2023-52470, CVE-2023-52474, CVE-2023-52476, CVE-2023-52477, CVE-2023-52481, CVE-2023-52482, CVE-2023-52484, CVE-2023-52486, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52500, CVE-2023-52501, CVE-2023-52502, CVE-2023-52504, CVE-2023-52507, CVE-2023-52508, CVE-2023-52509, CVE-2023-52510, CVE-2023-52511, CVE-2023-52513, CVE-2023-52515, CVE-2023-52517, CVE-2023-52518, CVE-2023-52519, CVE-2023-52520, CVE-2023-52523, CVE-2023-52524, CVE-2023-52525, CVE-2023-52528, CVE-2023-52529, CVE-2023-52530, CVE-2023-52531, CVE-2023-52532, CVE-2023-52559, CVE-2023-52563, CVE-2023-52564, CVE-2023-52566, CVE-2023-52567, CVE-2023-52569, CVE-2023-52574, CVE-2023-52575, CVE-2023-52576, CVE-2023-52582, CVE-2023-52583, CVE-2023-52587, CVE-2023-52591, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52605, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52612, CVE-2023-52615, CVE-2023-52617, CVE-2023-52619, CVE-2023-52621, CVE-2023-52623, CVE-2023-52628, CVE-2023-52632, CVE-2023-52637, CVE-2023-52639, CVE-2023-6270, CVE-2023-6356, CVE-2023-6535, CVE-2023-6536, CVE-2023-7042, CVE-2023-7192, CVE-2024-0841, CVE-2024-2201, CVE-2024-22099, CVE-2024-23307, CVE-2024-25739, CVE-2024-25742, CVE-2024-25743, CVE-2024-26599, CVE-2024-26600, CVE-2024-26602, CVE-2024-26607, CVE-2024-26612, CVE-2024-26614, CVE-2024-26620, CVE-2024-26627, CVE-2024-26629, CVE-2024-26642, CVE-2024-26645, CVE-2024-26646, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26664, CVE-2024-26667, CVE-2024-26670, CVE-2024-26695, CVE-2024-26717

SuSE: SUSE-SU-2024:1480-1